NULL pointer dereference in apache2 (Alpine package)

1) NULL pointer dereference

EUVDB-ID: #VU7116

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2017-3169

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a NULL pointer dereference error within mod_ssl module, when third-party modules call ap_hook_process_connection() function during an HTTP request to an HTTPS port. A remote attacker can send a specially crafted HTTP request and crash the affected web server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

apache2 (Alpine package): 2.2.20-r0 - 2.4.25-r1

CPE2.3

• cpe:2.3:a:alpine:apache2_alpine_package:2.2.20-r0:*:*:*:*:alpine_linux:*:2.1
• cpe:2.3:a:alpine:apache2_alpine_package:2.2.21-r0:*:*:*:*:alpine_linux:*:2.1
• cpe:2.3:a:alpine:apache2_alpine_package:2.2.21-r1:*:*:*:*:alpine_linux:*:2.1

External links

https://git.alpinelinux.org/aports/commit/?id=33c9b879e1ac2712ea308a9c9e642d83b54d690d
https://git.alpinelinux.org/aports/commit/?id=123bd575ef649725247a39822c96929fc1d5e06b
https://git.alpinelinux.org/aports/commit/?id=a565b281e6104e1e1f7ec2b18e1e43353c71a483
https://git.alpinelinux.org/aports/commit/?id=c930c29f44d1c8c27a01acc3e871b48922d3b620
https://git.alpinelinux.org/aports/commit/?id=f0f780e35d42ebf1bbacad2015da18bf1c42dc74

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.