Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)

medium Nessus Plugin ID 14058

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CVE-2003-0192).

Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CVE-2003-0253).

A Denial of Service was caused when the target host is IPv6 but the FTP proxy server can't create an IPv6 socket (CVE-2003-0254).

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828).

The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues.

To upgrade these apache packages, first stop Apache by issuing, as root:

service httpd stop

After the upgrade, restart Apache with:

service httpd start

Update:

The previously released packages had a manpage conflict between apache2-common and apache-1.3 that prevented both packages from being installed at the same time. This update provides a fixed apache2-common package.

Solution

Update the affected apache2-common package.

See Also

http://marc.info/?l=bugtraq&m=105259038503175

Plugin Details

Severity: Medium

ID: 14058

File Name: mandrake_MDKSA-2003-075.nasl

Version: 1.24

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:apache2-common, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/28/2003

Reference Information

CVE: CVE-2003-0192, CVE-2003-0253, CVE-2003-0254

CERT: 379828

MDKSA: 2003:075-1