ID de Prueba:	1.3.6.1.4.1.25623.1.0.71958
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2011-252-01)
Resumen:	The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2011-252-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2011-252-01 advisory. Vulnerability Insight: Not long ago, httpd package updates were issued to clamp down on a denial of service bug that's seen some action in the wild. New packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/httpd-2.2.20-i486-1_slack13.37.txz: Upgraded. SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener] For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'httpd' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3192 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 49303 http://www.securityfocus.com/bid/49303 CERT/CC vulnerability note: VU#405811 http://www.kb.cert.org/vuls/id/405811 Cisco Security Advisory: 20110830 Apache HTTPd Range Header Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml http://www.exploit-db.com/exploits/17696 http://seclists.org/fulldisclosure/2011/Aug/175 http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html HPdes Security Advisory: HPSBMU02704 http://marc.info/?l=bugtraq&m=132033751509019&w=2 HPdes Security Advisory: HPSBMU02766 http://marc.info/?l=bugtraq&m=133477473521382&w=2 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: HPSBUX02702 http://marc.info/?l=bugtraq&m=131551295528105&w=2 HPdes Security Advisory: HPSBUX02707 http://marc.info/?l=bugtraq&m=131731002122529&w=2 HPdes Security Advisory: SSRT100606 HPdes Security Advisory: SSRT100619 HPdes Security Advisory: SSRT100624 HPdes Security Advisory: SSRT100626 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:130 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD@minotaur.apache.org%3e http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://osvdb.org/74721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827 http://www.redhat.com/support/errata/RHSA-2011-1245.html http://www.redhat.com/support/errata/RHSA-2011-1294.html http://www.redhat.com/support/errata/RHSA-2011-1300.html http://www.redhat.com/support/errata/RHSA-2011-1329.html http://www.redhat.com/support/errata/RHSA-2011-1330.html http://www.redhat.com/support/errata/RHSA-2011-1369.html http://securitytracker.com/id?1025960 http://secunia.com/advisories/45606 http://secunia.com/advisories/45937 http://secunia.com/advisories/46000 http://secunia.com/advisories/46125 http://secunia.com/advisories/46126 SuSE Security Announcement: SUSE-SU-2011:1000 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html SuSE Security Announcement: SUSE-SU-2011:1007 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html SuSE Security Announcement: SUSE-SU-2011:1010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html SuSE Security Announcement: SUSE-SU-2011:1216 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html SuSE Security Announcement: openSUSE-SU-2011:0993 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html http://www.ubuntu.com/usn/USN-1199-1 XForce ISS Database: apache-http-byterange-dos(69396) https://exchange.xforce.ibmcloud.com/vulnerabilities/69396
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.