Test ID:	1.3.6.1.4.1.25623.1.0.54295
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2004-0047 (Multiple packages)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2004-0047. apache: (from http://httpd.apache.org) This version of Apache is principally a bug fix release. Of particular note is that 2.0.51 addresses five security vulnerabilities: An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy. [CVE-2004-0786] A buffer overflow in configuration file parsing could allow a local user to gain the privileges of a httpd child if the server can be forced to parse a carefully crafted .htaccess file. [CVE-2004-0747] A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CVE-2004-0751] A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CVE-2004-0748] A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request. [CVE-2004-0809] cups: Alvaro Martinez Echevarria discovered a bug that made it possible to disable browsing in CUPS by sending an empty UDP datagram to the port where cupsd is running. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0558 to this issue. foomatic-filters: (from http://www.linuxprinting.org/) It was possible to make foomatic-rip execute arbitrary commands as the user lp (or however the spooler's special user is called) on the print server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0801 to this issue. iptables: Package cleanup. Init script improvements. Not a security fix. squid: Certain malformed NTLMSSP packets could crash the NTLM helpers provided by Squid. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0832 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0047 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0786 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11380 http://www.redhat.com/support/errata/RHSA-2004-463.html http://secunia.com/advisories/12540 SuSE Security Announcement: SUSE-SA:2004:032 (Google Search) http://www.novell.com/linux/security/advisories/2004_32_apache2.html http://www.trustix.org/errata/2004/0047/ XForce ISS Database: apache-ipv6-aprutil-dos(17382) https://exchange.xforce.ibmcloud.com/vulnerabilities/17382 Common Vulnerability Exposure (CVE) ID: CVE-2004-0747 CERT/CC vulnerability note: VU#481998 http://www.kb.cert.org/vuls/id/481998 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147 https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561 http://securitytracker.com/id?1011303 http://secunia.com/advisories/34920 http://www.vupen.com/english/advisories/2009/1233 XForce ISS Database: apache-env-configuration-bo(17384) https://exchange.xforce.ibmcloud.com/vulnerabilities/17384 Common Vulnerability Exposure (CVE) ID: CVE-2004-0751 Bugtraq: 20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11864 SuSE Security Announcement: SUSE-SA:2004:030 (Google Search) http://www.novell.com/linux/security/advisories/2004_30_apache2.html XForce ISS Database: apache-modssl-speculative-dos(17273) https://exchange.xforce.ibmcloud.com/vulnerabilities/17273 Common Vulnerability Exposure (CVE) ID: CVE-2004-0748 AUSCERT Advisory: ESB-2004.0553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126 http://www.redhat.com/support/errata/RHSA-2004-349.html XForce ISS Database: apache-modssl-dos(17200) https://exchange.xforce.ibmcloud.com/vulnerabilities/17200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0809 Debian Security Information: DSA-558 (Google Search) http://www.debian.org/security/2004/dsa-558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9588 XForce ISS Database: apache-moddav-lock-dos(17366) https://exchange.xforce.ibmcloud.com/vulnerabilities/17366 Common Vulnerability Exposure (CVE) ID: CVE-2004-0558 http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html BugTraq ID: 11183 http://www.securityfocus.com/bid/11183 Conectiva Linux advisory: CLA-2004:872 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000872 Debian Security Information: DSA-545 (Google Search) http://www.debian.org/security/2004/dsa-545 https://bugzilla.fedora.us/show_bug.cgi?id=2072 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:097 https://github.com/fibonascii/CVE-2004-0558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11732 http://www.redhat.com/support/errata/RHSA-2004-449.html SCO Security Bulletin: SCOSA-2004.15 http://marc.info/?l=bugtraq&m=109760654431316&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57646-1 SuSE Security Announcement: SUSE-SA:2004:031 (Google Search) http://www.suse.com/de/security/2004_31_cups.html XForce ISS Database: cups-udp-dos(17389) https://exchange.xforce.ibmcloud.com/vulnerabilities/17389 Common Vulnerability Exposure (CVE) ID: CVE-2004-0801 BugTraq ID: 11184 http://www.securityfocus.com/bid/11184 Conectiva Linux advisory: CLA-2004:880 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094 SCO Security Bulletin: SCOSA-2005.12 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt http://secunia.com/advisories/12557/ http://secunia.com/advisories/20312 http://www.novell.com/linux/security/advisories/2004_31_cups.html SuSE Security Announcement: SUSE-SA:2006:026 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html http://www.trustix.net/errata/2004/0047/ XForce ISS Database: foomatic-command-execution(17388) https://exchange.xforce.ibmcloud.com/vulnerabilities/17388 Common Vulnerability Exposure (CVE) ID: CVE-2004-0832 BugTraq ID: 11098 http://www.securityfocus.com/bid/11098 http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200409-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:093 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10489 XForce ISS Database: squid-ntlmssp-dos(17218) https://exchange.xforce.ibmcloud.com/vulnerabilities/17218
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.