Memory corruption in Apache 1.3.29: Limited Urchin 5 Exposure
Urchin 5 ships with an embedded Apache webserver that provides access to the web-based Urchin administration and reporting functions. As reported in the following ISS security advisory:
Impact on Urchin Customers
After careful examination of the fix and the threat, Urchin Software Corporation's position on this issue is that:
- Urchin 5 runs almost exclusively on 32-bit platforms, with the exception of 64-bit Sun SPARC systems.
- Urchin Software Corporation has made updated urchinwebd binaries available on our web site at ftp://ftp.urchin.com/pub/support for those customers who wish to upgrade the binaries in their Urchin 5 distributions. These urchinwebd binaries are based on Apache 1.3.31, which is not vulnerable this memory corruption problem.
- The next release of Urchin 5 will contain urchinwebd binaries that are based on Apache 1.3.31.