=====================================================================
                                 CERT-Renater

                      Note d'Information No. 2004/VULN109
_____________________________________________________________________

DATE                      : 15/03/2004

HARDWARE PLATFORM(S)      : sparc64

OPERATING SYSTEM(S)       : Systems running Apache httpd.
                            
======================================================================

Due to a bug in the parsing of Allow/Deny rules for httpd's access
module, using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects
sparc64.

The problem is fixed in -current, 3.4-stable and 3.3-stable.

Patches are available at:

  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/014_httpd2.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch


======================================================================

        =========================================================
        Les serveurs de référence du CERT-Renater
        http://www.urec.fr/securite
        http://www.cru.fr/securite
        http://www.renater.fr 
	=========================================================
	+ CERT-RENATER		| tel : 01-53-94-20-44		+
	+ 151 bd de l'Hopital	| fax : 01-53-94-20-41		+
	+ 75013 Paris		| email: certsvp@renater.fr	+
	=========================================================