ID de Prueba:	1.3.6.1.4.1.25623.1.0.58438
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2007:142 (apache)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to apache announced via advisory MDKSA-2007:142. A vulnerability was discovered in the the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publically accessible and ExtendedStatus was enabled (CVE-2006-5752). The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:142 Risk factor : Medium CVSS Score: 4.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5752 AIX APAR: PK49295 http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only AIX APAR: PK52702 http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 BugTraq ID: 24645 http://www.securityfocus.com/bid/24645 Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search) http://www.securityfocus.com/archive/1/505990/100/0/threaded http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html http://security.gentoo.org/glsa/glsa-200711-06.xml HPdes Security Advisory: HPSBUX02262 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HPdes Security Advisory: SSRT071447 http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 http://www.mandriva.com/security/advisories?name=MDKSA-2007:141 http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://osvdb.org/37052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154 RedHat Security Advisories: RHSA-2007:0532 RedHat Security Advisories: RHSA-2007:0533 https://rhn.redhat.com/errata/RHSA-2007-0533.html RedHat Security Advisories: RHSA-2007:0534 http://rhn.redhat.com/errata/RHSA-2007-0534.html RedHat Security Advisories: RHSA-2007:0556 http://rhn.redhat.com/errata/RHSA-2007-0556.html http://www.redhat.com/support/errata/RHSA-2007-0557.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://www.securitytracker.com/id?1018302 http://secunia.com/advisories/25827 http://secunia.com/advisories/25830 http://secunia.com/advisories/25873 http://secunia.com/advisories/25920 http://secunia.com/advisories/26273 http://secunia.com/advisories/26443 http://secunia.com/advisories/26458 http://secunia.com/advisories/26508 http://secunia.com/advisories/26822 http://secunia.com/advisories/26842 http://secunia.com/advisories/26993 http://secunia.com/advisories/27037 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://secunia.com/advisories/28212 http://secunia.com/advisories/28224 http://secunia.com/advisories/28606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 SuSE Security Announcement: SUSE-SA:2007:061 (Google Search) http://www.novell.com/linux/security/advisories/2007_61_apache2.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-499-1 http://www.vupen.com/english/advisories/2007/2727 http://www.vupen.com/english/advisories/2007/3283 http://www.vupen.com/english/advisories/2007/3386 http://www.vupen.com/english/advisories/2007/4305 http://www.vupen.com/english/advisories/2008/0233 XForce ISS Database: apache-modstatus-xss(35097) https://exchange.xforce.ibmcloud.com/vulnerabilities/35097 Common Vulnerability Exposure (CVE) ID: CVE-2007-3304 AIX APAR: PK50467 http://www-1.ibm.com/support/search.wss?rs=0&q=PK50467&apar=only AIX APAR: PK53984 http://www-1.ibm.com/support/docview.wss?uid=swg1PK53984 BugTraq ID: 24215 http://www.securityfocus.com/bid/24215 Bugtraq: 20070529 Apache httpd vulenrabilities (Google Search) http://www.securityfocus.com/archive/1/469899/100/0/threaded Bugtraq: 20070619 Apache Prefork MPM vulnerabilities - Report (Google Search) http://www.securityfocus.com/archive/1/471832/100/0/threaded HPdes Security Advisory: HPSBUX02273 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 HPdes Security Advisory: SSRT071476 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 http://security.psnc.pl/files/apache_report.pdf http://marc.info/?l=apache-httpd-dev&m=118252946632447&w=2 http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.GA15192@redhat.com%3e https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E http://osvdb.org/38939 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11589 http://www.redhat.com/errata/RHSA-2007-0532.html http://www.redhat.com/support/errata/RHSA-2007-0662.html http://www.securitytracker.com/id?1018304 http://secunia.com/advisories/26211 http://secunia.com/advisories/26611 http://secunia.com/advisories/26759 http://secunia.com/advisories/26790 http://secunia.com/advisories/27121 http://secunia.com/advisories/27209 SGI Security Advisory: 20070701-01-P ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://securityreason.com/securityalert/2814 http://www.vupen.com/english/advisories/2007/3100 http://www.vupen.com/english/advisories/2007/3420 http://www.vupen.com/english/advisories/2007/3494 XForce ISS Database: apache-child-process-dos(35095) https://exchange.xforce.ibmcloud.com/vulnerabilities/35095
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.