Test ID: 1.3.6.1.4.1.25623.1.0.51539
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:530
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:530.

Apache[1] is the most popular webserver in use today.

This apache update addresses three recent security vulnerabilities:

CVE-2002-0839[3]
There is a vulnerability regarding apache's use of shared memory
(SHM). An attacker who is able to execute code under the
webserver's UID is able to send arbitrary processes a USR1 signal as
root. If untreated, the default for this signal is to terminate the
process.

Via this vulnerability, the attacker is also able to cause the apache
process to continuously spawn more children, causing a local DoS.

The fix for this vulnerability introduced the ShmemUIDisUser
directive, which is documented in the apache-doc package.


CVE-2002-0840[4]
Matthew Murphy warned the apache developers about a cross-site
scripting vulnerability in the standard 404 error page.


CVE-2002-0843[5]
There are some buffer overflow vulnerabilities in the ab benchmark
program included in the apache package. An attack scenario would be
that of a user running the ab tool against a web server controlled
by an attacker.


All these vulnerabilities were fixed in the just-released[2] 1.3.27
version of the apache web server. The packages available through the
present update, even though they remain at version 1.3.26,
include fixes for these problems.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://httpd.apache.org/
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=103367270822891&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:530
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor: High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0839
BugTraq ID: 5884
http://www.securityfocus.com/bid/5884
Bugtraq: 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://marc.info/?l=bugtraq&m=103376585508776&w=2
Bugtraq: 20021015 GLSA: apache
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Bugtraq: 20021017 TSLSA-2002-0069-apache
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Conectiva Linux advisory: CLA-2002:530
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Debian Security Information: DSA-187
http://www.debian.org/security/2002/dsa-187
Debian Security Information: DSA-188
http://www.debian.org/security/2002/dsa-188
Debian Security Information: DSA-195
http://www.debian.org/security/2002/dsa-195
En Garde Linux Advisory: ESA-20021007-024
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX0210-224
http://online.securityfocus.com/advisories/4617
HPdes Security Advisory: SSRT090208
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
SGI Security Advisory: 20021105-01-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
http://www.iss.net/security_center/static/10280.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0840
BugTraq ID: 5847
http://www.securityfocus.com/bid/5847
Bugtraq: 20021002 Apache 2 Cross-Site Scripting
http://marc.info/?l=bugtraq&m=103357160425708&w=2
CERT/CC vulnerability note: VU#240329
http://www.kb.cert.org/vuls/id/240329
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
http://www.osvdb.org/862
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
SGI Security Advisory: 20021105-02-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
XForce ISS Database: apache-http-host-xss(10241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241
Common Vulnerability Exposure (CVE) ID: CVE-2002-0843
AIX APAR: IY87070
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
BugTraq ID: 5887
http://www.securityfocus.com/bid/5887
BugTraq ID: 5995
http://www.securityfocus.com/bid/5995
BugTraq ID: 5996
http://www.securityfocus.com/bid/5996
Bugtraq: 20021016 Apache 1.3.26
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Conectiva Linux advisory: 000530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Conectiva Linux advisory: CLSA-2002:530
http://secunia.com/advisories/21425
http://www.vupen.com/english/advisories/2006/3263
http://www.iss.net/security_center/static/10281.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.