Test ID: 1.3.6.1.4.1.25623.1.0.51539
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:530
Summary: Conectiva Security Advisory CLA-2002:530
Description:
The remote host is missing updates announced in
advisory CLA-2002:530.

Apache[1] is the most popular webserver in use today.

This apache update addresses three recent security vulnerabilities:

CVE-2002-0839[3]
There is a vulnerability in apache's use of shared memory (SHM). An
attacker who is able to execute code under the webserver's UID can
cause a USR1 signal to be sent to arbitrary processes as root. If the
signal is not handled, its default action is to terminate the process.

Through the same vulnerability, the attacker can also cause the apache
parent process to continuously spawn more children, causing a local
DoS.

The fix for this vulnerability introduced the ShmemUIDisUser
directive, which is documented in the apache-doc package.


CVE-2002-0840[4]
Matthew Murphy warned the apache developers about a cross-site
scripting vulnerability in the standard 404 error page.


CVE-2002-0843[5]
There are several buffer overflow vulnerabilities in the ab benchmark
program included in the apache package. An attack scenario would be
that of a user running the ab tool against a web server controlled by
an attacker.


All these vulnerabilities were fixed in the just-released[2] 1.3.27
version of the apache web server. The packages available through the
present update, even though they remain at version 1.3.26, include
fixes for these problems.


Solution:
The apt tool can be used to perform RPM package upgrades by running
'apt-get update' followed by 'apt-get upgrade'.

http://httpd.apache.org/
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=103367270822891&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0843
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:530
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0839
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html
Conectiva Linux advisory: CLA-2002:530
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
En Garde Linux Advisory: ESA-20021007-024
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT090208
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Debian Security Information: DSA-187
http://www.debian.org/security/2002/dsa-187
Debian Security Information: DSA-188
http://www.debian.org/security/2002/dsa-188
Debian Security Information: DSA-195
http://www.debian.org/security/2002/dsa-195
Bugtraq: 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
SGI Security Advisory: 20021105-01-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
HPdes Security Advisory: HPSBUX0210-224
http://online.securityfocus.com/advisories/4617
Bugtraq: 20021015 GLSA: apache
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html
Bugtraq: 20021017 TSLSA-2002-0069-apache
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
BugTraq ID: 5884
http://www.securityfocus.com/bid/5884
http://www.iss.net/security_center/static/10280.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0840
Bugtraq: 20021002 Apache 2 Cross-Site Scripting
http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
SGI Security Advisory: 20021105-02-I
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
CERT/CC vulnerability note: VU#240329
http://www.kb.cert.org/vuls/id/240329
XForce ISS Database: apache-http-host-xss(10241)
http://xforce.iss.net/xforce/xfdb/10241
BugTraq ID: 5847
http://www.securityfocus.com/bid/5847
http://www.osvdb.org/862
Common Vulnerability Exposure (CVE) ID: CVE-2002-0843
Bugtraq: 20021016 Apache 1.3.26
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
AIX APAR: IY87070
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Conectiva Linux advisory: 000530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Conectiva Linux advisory: CLSA-2002:530
BugTraq ID: 5995
http://www.securityfocus.com/bid/5995
BugTraq ID: 5996
http://www.securityfocus.com/bid/5996
BugTraq ID: 5887
http://www.securityfocus.com/bid/5887
http://www.vupen.com/english/advisories/2006/3263
http://secunia.com/advisories/21425
http://www.iss.net/security_center/static/10281.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.