
Test ID: 1.3.6.1.4.1.25623.1.0.50825
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2002:048 (mod_ssl)
Summary: NOSUMMARY
Description:

The remote host is missing an update to mod_ssl
announced via advisory MDKSA-2002:048.

Frank Denis discovered an off-by-one error in mod_ssl dealing with the
handling of older configuration directives (the rewrite_command
hook). A malicious user could use a specially-crafted .htaccess file
to execute arbitrary commands as the apache user or execute a DoS
against the apache child processes.

This vulnerability is fixed in mod_ssl 2.8.10; patches have been
applied to correct this problem in these packages.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
Single Network Firewall 7.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0653
http://marc.theaimsgroup.com/?l=apache-modssl&m=102491918531562

Risk factor : Medium

CVSS Score:
4.6

Cross-Reference: BugTraq ID: 5084
Common Vulnerability Exposure (CVE) ID: CVE-2002-0653
http://www.securityfocus.com/bid/5084
Bugtraq: 20020624 Apache mod_ssl off-by-one vulnerability
http://marc.info/?l=bugtraq&m=102513970919836&w=2
Bugtraq: 20020628 TSL-2002-0058 - apache/mod_ssl
http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
Caldera Security Advisory: CSSA-2002-031.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
Conectiva Linux advisory: CLA-2002:504
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Debian Security Information: DSA-135
http://www.debian.org/security/2002/dsa-135
En Garde Linux Advisory: ESA-20020702-017
http://marc.info/?l=bugtraq&m=102563469326072&w=2
HPdes Security Advisory: HPSBTL0207-052
http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
http://www.redhat.com/support/errata/RHSA-2002-134.html
http://www.redhat.com/support/errata/RHSA-2002-135.html
http://www.redhat.com/support/errata/RHSA-2002-136.html
http://www.redhat.com/support/errata/RHSA-2002-146.html
RedHat Security Advisories: RHSA-2002:164
http://rhn.redhat.com/errata/RHSA-2002-164.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
SuSE Security Announcement: SuSE-SA:2002:028
http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
http://marc.info/?l=vuln-dev&m=102477330617604&w=2
http://www.iss.net/security_center/static/9415.php
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.