Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:134 (apache)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50613

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:134 (apache)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to apache
announced via advisory MDKSA-2004:134.

A possible buffer overflow exists in the get_tag() function of
mod_include, and if SSI (Server Side Includes) are enabled, a local
attacker may be able to run arbitrary code with the rights of an httpd
child process. This could be done with a special HTML document using
malformed SSI.

The updated packages have been patched to prevent this problem.

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: BugTraq ID: 11471
Common Vulnerability Exposure (CVE) ID: CVE-2004-0940
http://www.securityfocus.com/bid/11471
Debian Security Information: DSA-594 (Google Search)
http://www.debian.org/security/2004/dsa-594
http://www.mandriva.com/security/advisories?name=MDKSA-2004:134
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=109906660225051&w=2
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://www.redhat.com/support/errata/RHSA-2005-816.html
http://securitytracker.com/id?1011783
http://secunia.com/advisories/12898/
http://secunia.com/advisories/19073
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://www.vupen.com/english/advisories/2006/0789
XForce ISS Database: apache-modinclude-bo(17785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17785

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50613
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:134 (apache)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to apache announced via advisory MDKSA-2004:134. A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI. The updated packages have been patched to prevent this problem. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:134 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940 Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	BugTraq ID: 11471 Common Vulnerability Exposure (CVE) ID: CVE-2004-0940 http://www.securityfocus.com/bid/11471 Debian Security Information: DSA-594 (Google Search) http://www.debian.org/security/2004/dsa-594 http://www.mandriva.com/security/advisories?name=MDKSA-2004:134 https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://www.redhat.com/support/errata/RHSA-2004-600.html http://www.redhat.com/support/errata/RHSA-2005-816.html http://securitytracker.com/id?1011783 http://secunia.com/advisories/12898/ http://secunia.com/advisories/19073 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://www.vupen.com/english/advisories/2006/0789 XForce ISS Database: apache-modinclude-bo(17785) https://exchange.xforce.ibmcloud.com/vulnerabilities/17785
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com