English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2004-17
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 28 May 2004
 Last revised           : 28 May 2004

 Package : apache

 Summary : Multiple vulnerabilities in apache 

 More information :
    Apache is a powerful, full-featured, efficient, and freely-available Web server.

    - Apache does not filter terminal escape sequences from its error logs,
      which could make it easier for attackers to insert those sequences
      into terminal emulators containing vulnerabilities related to escape sequences.

    - mod_digest for Apache does not properly verify the nonce of a client response by
      using a AuthNonce secret.

 Impact :
    A third party may gain unauthorized access to a web server. 

 Affected Products :
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 # turbopkg
 or
 # zabom update apache apache-devel apache-manual mod_ssl
 ---------------------------------------------


 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size : MD5

   apache-1.3.27-23.src.rpm
      3104221 c62c1249139f17852aba2a4f8e976700

   Binary Packages
   Size : MD5

   apache-1.3.27-23.i586.rpm
       501592 61a908c8f6b325b34e18782a5623ebab
   apache-devel-1.3.27-23.i586.rpm
        94278 74a131e6990c18cd86a86655cec91099
   mod_ssl-2.8.14-23.i586.rpm
       181149 b17be2efd850d43668c1ace32a80b076

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size : MD5

   apache-1.3.27-23.src.rpm
      3104221 a3a4b02dd3079169ddfed1c73e11fd4e

   Binary Packages
   Size : MD5

   apache-1.3.27-23.i586.rpm
       501539 df2a88cb00e7c315995dc12dd2ad9298
   apache-devel-1.3.27-23.i586.rpm
        94096 71c5c5bf97c8d76e6851cfbdc62eb112
   mod_ssl-2.8.14-23.i586.rpm
       181120 4bcf9b8a5622f275a000901fdd65041c

 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 fae6385e7dd7b5d2206078c119e59955

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-23.i586.rpm
       501380 ba8a8b856724b0c40fc9d93b417b8090
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94116 fefbb5128a71f48bc1b479bfd9e2f964
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850102 894ab60db4c481e657cb2070df7ccfb6
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       181001 5a140863eec56d160e6ac0201859c7fc

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 8c69532031a4db7c9e26dc5d2300cee9

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-1.3.27-23.i586.rpm
       501428 2ca754a87193d855e0eec0208db7656f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94141 b72f561542781658bceaa318a7cce4ec
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850361 7b026bd15eeb5d540dacddec9e88ae33
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       180937 64d6422dad738b7492c2d4dfe75e02f1

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 e8888ee7ad0be1f1f2d340eab4d2e282

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-1.3.27-23.i586.rpm
       487526 7ce095cabb03c8f9a3685d4e0a903d12
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94158 07a772f8a2946a44f85536c8ef9be9d0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850325 7a3f80c26378c56e892b0532b1dac542
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       178538 6e38f124e06aeeedd724ec19ad640c69

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 eda5f2c70c693059619ae779ef7e5e32

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-1.3.27-23.i586.rpm
       487425 ee3f380641a272cea36c29112ac48945
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-devel-1.3.27-23.i586.rpm
        94165 94d4ea71797f204177f608df49a18e06
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/apache-manual-1.3.27-23.i586.rpm
       850245 d24632ebdfd6282d7a4ca3188a8a3392
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mod_ssl-2.8.14-23.i586.rpm
       178704 47ebafb153d886d6d6fc1eab0de304a8

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 bb8185361df260baa1f82e2fb00238c4

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-1.3.27-23.i386.rpm
       574103 345b50f95b4dcf5e157ce42544e5257b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110319 72a5a542c40fb13e7655e262bb90020f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1088349 d4dc2892b7bd051f10548f3469c3f399
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191829 7d73f18b30b3b66338ae54f242becc95

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 ab48dbcecff93759e28937238333d17d

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574418 b23e9d600c8c238f816c5bd0384a5a3f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110279 40edfbf79b0281dac916b9047b32ada7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089057 5d71326057b45bbc8720ff2fdd5fdcf3
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191898 3603df1c0badb941fe8222876246ad47

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 118886ebb423bbc369db26cad739a2ae

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574226 616250d1c67bdfb3c4fc1936c3e22b25
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110287 b41abb5ba773549a986caf0a00fc21b1
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089381 f2c34f7bc06fd381ecfa424992323e21
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/mod_ssl-2.8.14-23.i386.rpm
       191864 b35b6e929225c85170d24a32c6566754

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/apache-1.3.27-23.src.rpm
      3104221 f4874cf86944e7292f9410e66b3e57d1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-1.3.27-23.i386.rpm
       574148 d10b21fa6e652e7f5963ae30d638d3f0
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-devel-1.3.27-23.i386.rpm
       110308 6c8cd18830f592259706af09fb547dcb
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/apache-manual-1.3.27-23.i386.rpm
      1089368 b3e894e3d0eebdcc8286da19d0612b72


 References:

 The Apache HTTP Server Project
   [Changes with Apache 1.3.31]
   http://www.apache.org/dist/httpd/CHANGES_1.3

 CVE
   [CAN-2003-0020]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
   [CAN-2003-0987]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987
   [CAN-2003-0993]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993
   [CAN-2004-0174]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174


 --------------------------------------------------------------------------
 Revision History
    28 May 2004 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAtu//K0LzjOqIJMwRAtbyAKCBNihJnSWAkGMHJgiORBrg3JVPkACgrEgI
+L26L05Hc7MRVuQ3Fo1Xu3o=
=lAlh
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.