PK93225: Apache Portable Runtime memory allocation functions can return invalid pointers (CVE-2009-2412).

Fixes are available

APAR status

Closed as program error.

Error description

When callers ask for one giant memory allocation of just
below the address space size (e.g. 2^32 and (2^32 - 6)
bytes) of storage using the Apache Portable Runtime, an
invalid pointer may be returned instead of a NULL pointer
indicating an error (CVE-2009-2412).

Well-behaved Apache modules should crash after being fooled
into making such an allocation, but may instead write to
arbitrary memory.

No known Apache module is susceptible to this flaw because
no known module has such a pre-existing DoS that would
cause it to allocate memory proportional to user input.

A hypothetical Apache module with a severe DoS defect
can be escalated by this APAR into remote execution.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: IHS users with third-party modules loaded    *
* in IBM HTTP Server (modules not distributed by IBM).         *
****************************************************************
* PROBLEM DESCRIPTION:  Memory allocation DoS is escalated     *
* to possible remote execution                                 *
****************************************************************
* RECOMMENDATION: IHS users with third-party modules loaded    *
* should apply this interim fix in case the module has an      *
* undisclosed/unresolved memory allocation DoS made worse by   *
* this APAR.                                                   *
****************************************************************
No known vectors to trigger this defect with any Apache IBM,
Apache Software Foundation, or third-party module vendor. This
vulnerability is in the Apache Portable Runtime bundled by
Apache HTTP Server and IBM HTTP Server, not directly in the
websever component.

Problem conclusion

The alignemnt function in the Apache Portable Runtime has
been corrected to properly track when no allocation is
performed, returning NULL when an allocation cannot be
satisfied.

This fix is targeted for IHS fixpacks:
 - 6.0.2.39
 - 6.1.0.29
 - 7.0.0.7

Temporary fix

Comments

APAR Information

APAR number
PK93225
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2009-08-05
Closed date
2009-08-20
Last modified date
2009-10-15

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801

Applicable component levels

R60A PSN
UP
R60H PSN
UP
R60I PSN
UP
R60P PSN
UP
R60S PSN
UP
R60W PSN
UP
R60Z PSN
UP
R61A PSN
UP
R61H PSN
UP
R61I PSN
UP
R61P PSN
UP
R61S PSN
UP
R61W PSN
UP
R61Z PSN
UP
R700 PSN
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
07 September 2022

Tips

PK93225: Apache Portable Runtime memory allocation functions can return invalid pointers (CVE-2009-2412).

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R60A PSN

R60H PSN

R60I PSN

R60P PSN

R60S PSN

R60W PSN

R60Z PSN

R61A PSN

R61H PSN

R61I PSN

R61P PSN

R61S PSN

R61W PSN

R61Z PSN

R700 PSN

Document Information

Share your feedback

Need support?