Three security fixes were prominent in the latest version of the Apache Web server, released over the weekend.
Apache HTTP Server 2.0.49 is available for download
Most enterprises, however, are running Apache 1.3, according to Mark Cox, a member of the Apache Software Foundation security team, mitigating the potential harm.
Two flaws could lead to denial-of-service conditions on the server while the third could open the door to exploits of certain terminal emulators, Cox said.
Linux distributors like Red Hat have already folded in the fixes into their enterprise distributions.
Possibly the most serious flaw addressed was a remotely triggered memory leak in mod_ssl that could crash an Apache HTTP server installation by consuming available memory. The memory leak was found in versions prior to 2.0.49.
Mod_SSL provides strong cryptography for Apache via Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
"This one is very easy to exploit," Cox said. "It's easy to trigger by submitting a malicious request so that Apache leaks each time. Eventually, all the memory will be consumed and the server will crash."
Cox said a small patch is available should an enterprise choose not to do a full upgrade.
Apache also fixed another potential problem that occurs because Apache does not filter terminal escape sequences from its error logs. An attacker could capture that information and insert those sequences into terminal emulators containing vulnerabilities.
The final flaw addressed in this release does not affect Linux or FreeBSD installations. When using multiple listening sockets, a denial-of-service attack is possible on some versions of AIX, Solaris, and Tru64some platforms due to a race condition in the handling of short-lived connections, Apache said.
According to an advisory from Apache, "[the upgraded fixes a] starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely accessed listening socket."