RHEL 2.1 : apache, mod_ssl (RHSA-2004:600)

high Nessus Plugin ID 15960

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.

The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

A buffer overflow was discovered in the mod_include module. This flaw could allow a local user who is authorized to create server-side include (SSI) files to gain the privileges of a httpd child (user 'apache'). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0940 to this issue.

The mod_digest module does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known not to work with modern browsers. This issue does not affect mod_auth_digest. (CVE-2003-0987).

An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuite' directive in a directory or location context.
If a particular location context has been configured to require a specific set of cipher suites, then a client is able to access that location using any cipher suite allowed by the virtual host configuration. (CVE-2004-0885).

Several bugs in mod_ssl were also discovered, including :

- memory leaks in SSL variable handling

- possible crashes in the dbm and shmht session caches

Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2003-0987

https://access.redhat.com/security/cve/cve-2004-0885

https://access.redhat.com/security/cve/cve-2004-0940

https://access.redhat.com/errata/RHSA-2004:600

Plugin Details

Severity: High

ID: 15960

File Name: redhat-RHSA-2004-600.nasl

Version: 1.25

Type: local

Agent: unix

Published: 12/14/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:apache, p-cpe:/a:redhat:enterprise_linux:mod_ssl, p-cpe:/a:redhat:enterprise_linux:apache-manual, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:apache-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/13/2004

Vulnerability Publication Date: 3/3/2004

Reference Information

CVE: CVE-2003-0987, CVE-2004-0885, CVE-2004-0940

CWE: 119

RHSA: 2004:600