CVE Number – CVE-2017-12613
A vulnerability in the Apache Portable Runtime (APR) library could allow an unauthenticated, remote attacker to gain access to sensitive information on a targeted system.
The vulnerability is due to an out-of-bounds array dereference in the apr_time_exp_get() function (and the related apr_time_exp*() and apr_os_exp_time*() functions) of the affected software: the month field of the caller-supplied broken-down time structure is used as an index into a fixed 12-entry lookup table without first being checked against the valid range 0 to 11. An attacker could exploit this vulnerability by supplying an invalid month value to an application that passes unvalidated external date input to these functions, causing the library to read memory outside the table. A successful exploit could allow the attacker to read the contents of adjacent static data (information disclosure) or crash the process, causing a denial of service (DoS) condition on the targeted system. APR 1.6.2 and prior are affected.
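The following C program is an added example written for this page; it is not APR source code. It models the pattern described above (a month field used as an array index) in a vulnerable form and a hardened form, and the names it uses (ex_time_exp, ex_days_from_epoch_vulnerable, ex_days_from_epoch_fixed, EX_EBADDATE, ex_status, ex_days) are invented for the example, standing in for APR's apr_time_exp_t, apr_time_exp_get() and APR_EBADDATE. The day-offset arithmetic is the standard March-based calendar trick, so the computed values are real (1 January 1970 gives day 0).

```c
#include <limits.h>
#include <stdio.h>

/*
 * Added example, not APR code. Models CVE-2017-12613: a broken-down time
 * structure whose month field indexes a fixed 12-entry table. All names here
 * are invented for the example.
 */

#define EX_SUCCESS  0
#define EX_EBADDATE 1   /* stands in for APR_EBADDATE */

struct ex_time_exp {
    int tm_year;   /* years since 1900 */
    int tm_mon;    /* 0 = January ... 11 = December */
    int tm_mday;   /* day of month, 1..31 */
};

/* Day offset of each month from 1 March. Starting the year in March puts any
 * leap day at the end, so the table never changes between years. */
static const int dayoffset[12] = {
    306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275
};

/* Gregorian days from 1 March 1900 to 1 January 1970. */
#define DAYS_1MAR1900_TO_EPOCH 25508L

static long days_from_epoch_unchecked(int year, int mon, int mday)
{
    /* January and February belong to the previous March-based year. */
    if (mon < 2)
        year--;
    long days = (long)year * 365 + year / 4 - year / 100 + (year / 100 + 3) / 4;
    days += dayoffset[mon] + mday - 1;      /* mon is used as the index */
    return days - DAYS_1MAR1900_TO_EPOCH;
}

/* Vulnerable shape: tm_mon goes straight into dayoffset[] with no range
 * check. With tm_mon = 12 or -1 the read lands outside the table (undefined
 * behaviour: adjacent static data leaks into the result, or the process
 * faults). This example never calls it with an invalid month. */
int ex_days_from_epoch_vulnerable(const struct ex_time_exp *xt, long *out)
{
    *out = days_from_epoch_unchecked(xt->tm_year, xt->tm_mon, xt->tm_mday);
    return EX_SUCCESS;
}

/* Hardened shape, a range check of the kind added in APR 1.6.3: reject the
 * month before it is used as an index, so untrusted input can only yield an
 * error status, never an out-of-bounds read. */
int ex_days_from_epoch_fixed(const struct ex_time_exp *xt, long *out)
{
    if (xt->tm_mon < 0 || xt->tm_mon >= 12)
        return EX_EBADDATE;
    *out = days_from_epoch_unchecked(xt->tm_year, xt->tm_mon, xt->tm_mday);
    return EX_SUCCESS;
}

/* Convenience wrappers: status only, or days from the epoch (LONG_MIN if the
 * date is rejected). */
int ex_status(int year, int mon, int mday)
{
    long unused;
    struct ex_time_exp xt = { year, mon, mday };
    return ex_days_from_epoch_fixed(&xt, &unused);
}

long ex_days(int year, int mon, int mday)
{
    long days = LONG_MIN;
    struct ex_time_exp xt = { year, mon, mday };
    ex_days_from_epoch_fixed(&xt, &days);
    return days;
}

int main(void)
{
    /* Constructed inputs: one valid date, one with an out-of-range month. */
    printf("2000-03-01 is %ld days after the epoch\n", ex_days(100, 2, 1));
    if (ex_status(117, 12, 1) == EX_EBADDATE)
        printf("month 12 rejected before indexing the table\n");
    return 0;
}
```

The point to take from the two functions is that the check has to sit in the library: an application calling the unchecked variant with a month it parsed from a request, cookie or log line is the attacker's path in, and no amount of care elsewhere in that application removes the read.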
The Apache Software Foundation has confirmed the vulnerability and released software updates.
To exploit this vulnerability, the attacker needs an application on the targeted system that accepts date fields from the network and passes them to the affected APR functions without validating them. Where such an application is reachable only from trusted or internal networks, the attacker would first need access to those networks to transmit malicious data to the targeted system. This access requirement could reduce the likelihood of a successful exploit.
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems, in particular for unexpected crashes of APR-based applications, which can be a symptom of an out-of-bounds read reaching unmapped memory.
The Apache Software Foundation has released software updates at the following link: APR 1.6.3 (the fix is in the core APR library, not in APR-util).
CentOS packages can be updated using the up2date or yum command.
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later by using the yum tool.
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.