Debian Local Security Checks : Debian Security Advisory DSA 2202-1 (apache2)

Resumen de Precio/Funciones | Ordenar | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad

Búsqueda de Vulnerabilidad		Buscar 61204 Descripciones CVE y 32582 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69338

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 2202-1 (apache2)

Resumen: Debian Security Advisory DSA 2202-1 (apache2)

Descripción: The remote host is missing an update to apache2
announced via advisory DSA 2202-1.

MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that
is included in Debian's apache2 package.

A configuration parsing flaw has been found in MPM_ITK. If the
configuration directive NiceValue was set, but no AssignUserID directive
was specified, the requests would be processed as user and group root
instead of the default Apache user and group.

This issue does not affect the standard Apache HTTPD MPMs prefork,
worker, and event.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in
version 2.2.16-6+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 2.2.17-2.

If you use apache2-mpm-itk, we recommend that you upgrade your apache2

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%202202-1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1176
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html
http://openwall.com/lists/oss-security/2011/03/20/1
http://openwall.com/lists/oss-security/2011/03/21/13
Debian Security Information: DSA-2202 (Google Search)
http://www.debian.org/security/2011/dsa-2202
http://www.mandriva.com/security/advisories?name=MDVSA-2011:057
BugTraq ID: 46953
http://www.securityfocus.com/bid/46953
http://www.vupen.com/english/advisories/2011/0748
http://www.vupen.com/english/advisories/2011/0749
http://www.vupen.com/english/advisories/2011/0824
XForce ISS Database: apache-mtmitk-weak-security(66248)
http://xforce.iss.net/xforce/xfdb/66248

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:

Usuario:

Contraseña:

Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.

Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.

Privacidad

Ingreso de Usuario Registrado

Usuario:

Contraseña:

¿Olvidó su usuario o contraseña??

Email/ID de Usario:

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69338
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2202-1 (apache2)
Resumen:	Debian Security Advisory DSA 2202-1 (apache2)
Descripción:	The remote host is missing an update to apache2 announced via advisory DSA 2202-1. MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package. A configuration parsing flaw has been found in MPM_ITK. If the configuration directive NiceValue was set, but no AssignUserID directive was specified, the requests would be processed as user and group root instead of the default Apache user and group. This issue does not affect the standard Apache HTTPD MPMs prefork, worker, and event. The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 2.2.17-2. If you use apache2-mpm-itk, we recommend that you upgrade your apache2 Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202202-1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1176 http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html http://openwall.com/lists/oss-security/2011/03/20/1 http://openwall.com/lists/oss-security/2011/03/21/13 Debian Security Information: DSA-2202 (Google Search) http://www.debian.org/security/2011/dsa-2202 http://www.mandriva.com/security/advisories?name=MDVSA-2011:057 BugTraq ID: 46953 http://www.securityfocus.com/bid/46953 http://www.vupen.com/english/advisories/2011/0748 http://www.vupen.com/english/advisories/2011/0749 http://www.vupen.com/english/advisories/2011/0824 XForce ISS Database: apache-mtmitk-weak-security(66248) http://xforce.iss.net/xforce/xfdb/66248
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com