Tue Sep 21 2004 Joe Orton <jorton at redhat.com> 2.0.51-2.7
ap_rgetline_core fix from Rici Lake
Tue Sep 21 2004 Joe Orton <jorton at redhat.com> 2.0.51-2.6
fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)
Thu Sep 16 2004 Joe Orton <jorton at redhat.com> 2.0.51-2.5
mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade from 2.0.50
Wed Sep 15 2004 Joe Orton <jorton at redhat.com> 2.0.51-2.1
update to 2.0.51, including security fixes for :
core: CVE-2004-0747
mod_dav_fs: CVE-2004-0809
mod_ssl: CVE-2004-0751, CVE-2004-0748
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2004-313.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14807);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2004-0811");
script_xref(name:"FEDORA", value:"2004-313");
script_name(english:"Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora Core host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>
2.0.51-2.7
- ap_rgetline_core fix from Rici Lake
- Tue Sep 21 2004 Joe Orton <jorton at redhat.com>
2.0.51-2.6
- fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)
- Thu Sep 16 2004 Joe Orton <jorton at redhat.com>
2.0.51-2.5
- mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade
from 2.0.50
- revert mod_ldap/mod_auth_ldap changes likewise
- Wed Sep 15 2004 Joe Orton <jorton at redhat.com>
2.0.51-2.1
- update to 2.0.51, including security fixes for :
- core: CVE-2004-0747
- mod_dav_fs: CVE-2004-0809
- mod_ssl: CVE-2004-0751, CVE-2004-0748
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# https://lists.fedoraproject.org/pipermail/announce/2004-September/000303.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?eabde590"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
script_set_attribute(attribute:"patch_publication_date", value:"2004/09/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/24");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC2", reference:"httpd-2.0.51-2.7")) flag++;
if (rpm_check(release:"FC2", reference:"httpd-debuginfo-2.0.51-2.7")) flag++;
if (rpm_check(release:"FC2", reference:"httpd-devel-2.0.51-2.7")) flag++;
if (rpm_check(release:"FC2", reference:"httpd-manual-2.0.51-2.7")) flag++;
if (rpm_check(release:"FC2", reference:"mod_ssl-2.0.51-2.7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | httpd | p-cpe:/a:fedoraproject:fedora:httpd |
fedoraproject | fedora | httpd-debuginfo | p-cpe:/a:fedoraproject:fedora:httpd-debuginfo |
fedoraproject | fedora | httpd-devel | p-cpe:/a:fedoraproject:fedora:httpd-devel |
fedoraproject | fedora | httpd-manual | p-cpe:/a:fedoraproject:fedora:httpd-manual |
fedoraproject | fedora | mod_ssl | p-cpe:/a:fedoraproject:fedora:mod_ssl |
fedoraproject | fedora_core | 2 | cpe:/o:fedoraproject:fedora_core:2 |