Test Kennung:	1.3.6.1.4.1.25623.1.0.51364
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2004:868
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2004:868. Apache[1] is the most popular webserver in use today. This announcement fixes the following issues with apache, mod_ssl and mod_dav: 1. Denial of service in ap_get_mime_headers_core() function (CVE-2004-0493[2]) The ap_get_mime_headers_core() function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion). 2. Buffer overflow in .htaccess files handler (CVE-2004-0747[3]) Buffer overflow in Apache 2.0.50 and earlier allows local attackers to gain apache privileges via a .htaccess file that causes the buffer overflow during expansion of environment variables. 3. Denial of service in mod_ssl (CVE-2004-0748[4]) mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop. 4. Denial of service in char_buffer_read() function in mod_ssl (CVE-2004-0751[5]) The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault). 5. Denial of service in IPv6 URI parsing routines (CVE-2004-0786[6]) The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. 6. Denial of service in mod_dav (CVE-2004-0809[7]) The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://apache.httpd.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809 http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:868 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 6.4
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0493 BugTraq ID: 10619 http://www.securityfocus.com/bid/10619 Bugtraq: 20040629 TSSA-2004-012 - apache (Google Search) http://marc.info/?l=bugtraq&m=108853066800184&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html http://security.gentoo.org/glsa/glsa-200407-03.xml HPdes Security Advisory: SSRT4777 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2004:064 http://www.guninski.com/httpd1.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10605 http://www.redhat.com/support/errata/RHSA-2004-342.html http://www.trustix.org/errata/2004/0039/ XForce ISS Database: apache-apgetmimeheaderscore-dos(16524) https://exchange.xforce.ibmcloud.com/vulnerabilities/16524 Common Vulnerability Exposure (CVE) ID: CVE-2004-0747 CERT/CC vulnerability note: VU#481998 http://www.kb.cert.org/vuls/id/481998 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147 https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561 http://www.redhat.com/support/errata/RHSA-2004-463.html http://securitytracker.com/id?1011303 http://secunia.com/advisories/12540 http://secunia.com/advisories/34920 SuSE Security Announcement: SUSE-SA:2004:032 (Google Search) http://www.novell.com/linux/security/advisories/2004_32_apache2.html http://www.trustix.org/errata/2004/0047/ http://www.vupen.com/english/advisories/2009/1233 XForce ISS Database: apache-env-configuration-bo(17384) https://exchange.xforce.ibmcloud.com/vulnerabilities/17384 Common Vulnerability Exposure (CVE) ID: CVE-2004-0748 AUSCERT Advisory: ESB-2004.0553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126 http://www.redhat.com/support/errata/RHSA-2004-349.html SuSE Security Announcement: SUSE-SA:2004:030 (Google Search) http://www.novell.com/linux/security/advisories/2004_30_apache2.html XForce ISS Database: apache-modssl-dos(17200) https://exchange.xforce.ibmcloud.com/vulnerabilities/17200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0751 Bugtraq: 20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11864 XForce ISS Database: apache-modssl-speculative-dos(17273) https://exchange.xforce.ibmcloud.com/vulnerabilities/17273 Common Vulnerability Exposure (CVE) ID: CVE-2004-0786 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11380 XForce ISS Database: apache-ipv6-aprutil-dos(17382) https://exchange.xforce.ibmcloud.com/vulnerabilities/17382 Common Vulnerability Exposure (CVE) ID: CVE-2004-0809 Debian Security Information: DSA-558 (Google Search) http://www.debian.org/security/2004/dsa-558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9588 XForce ISS Database: apache-moddav-lock-dos(17366) https://exchange.xforce.ibmcloud.com/vulnerabilities/17366
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.