Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.

Memory corruption in Apache 1.3.29: Limited Urchin 5 Exposure


Urchin 5 ships with an embedded Apache webserver that provides access to the web-based Urchin administration and reporting functions. As reported in the following ISS security advisory:

In Apache HTTP Server versions 1.3.29 and earlier running on non-32-bit processor architectures, memory corruption in certain authentication modules could allow a remote attacker to execute arbitrary code on the system. Urchin 5.500 through Urchin 5.600 ship with Apache 1.3.29.

Impact on Urchin Customers

After careful examination of the fix and the threat, Urchin Software Corporation's position on this issue is that:

  1. Urchin 5 runs almost exclusively on 32-bit platforms, with the exception of 64-bit Sun SPARC systems.
  2. Urchin Software Corporation has made updated urchinwebd binaries available on our web site at ftp://ftp.urchin.com/pub/support for those customers who wish to upgrade the binaries in their Urchin 5 distributions. These urchinwebd binaries are based on Apache 1.3.31, which is not vulnerable to this memory corruption problem.
  3. The next release of Urchin 5 will contain urchinwebd binaries that are based on Apache 1.3.31.
