English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 74154 CVE Beschreibungen
und 39337 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.51478
Kategorie:Conectiva Local Security Checks
Titel:Conectiva Security Advisory CLA-2003:775
Zusammenfassung:Conectiva Security Advisory CLA-2003:775
Beschreibung:
The remote host is missing updates announced in
advisory CLA-2003:775.

Apache[1] is the most popular webserver in use today.

New versions of the Apache web server have been made available[2][3]
with the following security fixes:

1. Buffer overflow in mod_alias and mod_rewrite (CVE-2003-0542) [4]
A buffer overflow could occur in mod_alias and mod_rewrite when a
regular expression with more than 9 captures is configured. Users who
can create or modify configuration files (httpd.conf or .htaccess,
for example) could trigger this. This vulnerability affects Apache
1.3.x and Apache 2.0.x.

2. mod_cgid mishandling of CGI redirect paths (CVE-2003-0789) [5]
mod_cgid mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used. The packages
provided with Conectiva Linux 9 are not vulnerable to this issue
because they are not compiled with that MPM, but the fix has been
included because new packages for Conectiva Linux 9 were already
being built for the suexec problem (see below).

In addition to the above security fixes, suexec has been correctly
built in the Conectiva Linux 9 packages, fixing[6] the problem where
CGI scripts could not be run from the user's home directory.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:775
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Critical
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0542
http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
Immunix Linux Advisory: IMNX-2003-7+-025-01
Bugtraq: 20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache) (Google Search)
http://www.securityfocus.com/archive/1/342674
Bugtraq: 20031031 GLSA: apache (200310-04) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=106761802305141&w=2
HPdes Security Advisory: HPSBUX0311-301
http://www.securityfocus.com/advisories/6079
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103
http://www.redhat.com/support/errata/RHSA-2003-320.html
http://www.redhat.com/support/errata/RHSA-2003-360.html
http://www.redhat.com/support/errata/RHSA-2003-405.html
http://www.redhat.com/support/errata/RHSA-2004-015.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
SCO Security Bulletin: CSSA-2003-SCO.28
SCO Security Bulletin: SCOSA-2004.6
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt
SGI Security Advisory: 20031203-01-U
ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
CERT/CC vulnerability note: VU#434566
http://www.kb.cert.org/vuls/id/434566
CERT/CC vulnerability note: VU#549142
http://www.kb.cert.org/vuls/id/549142
BugTraq ID: 8911
http://www.securityfocus.com/bid/8911
BugTraq ID: 9504
http://www.securityfocus.com/bid/9504
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:863
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:864
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3799
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9458
http://secunia.com/advisories/10096
http://secunia.com/advisories/10098
http://secunia.com/advisories/10102
http://secunia.com/advisories/10112
http://secunia.com/advisories/10114
http://secunia.com/advisories/10153
http://secunia.com/advisories/10260
http://secunia.com/advisories/10264
http://secunia.com/advisories/10463
http://secunia.com/advisories/10580
http://secunia.com/advisories/10593
XForce ISS Database: apache-modalias-modrewrite-bo(13400)
http://xforce.iss.net/xforce/xfdb/13400
Common Vulnerability Exposure (CVE) ID: CVE-2003-0789
Conectiva Linux advisory: CLA-2003:775
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775
http://security.gentoo.org/glsa/glsa-200310-04.xml
Computer Incident Advisory Center Bulletin: O-015
http://www.ciac.org/ciac/bulletins/o-015.shtml
BugTraq ID: 8926
http://www.securityfocus.com/bid/8926
XForce ISS Database: apache-modcgi-info-disclosure(13552)
http://xforce.iss.net/xforce/xfdb/13552
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39337 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.