Search...

Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)

2007-01-17T00:00:00

ID FEDORA_2006-863.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2006-863.
#

include("compat.inc");

if (description)
{
  script_id(24162);
  script_version ("1.15");
  script_cvs_date("Date: 2018/07/19 23:19:05");

  script_xref(name:"FEDORA", value:"2006-863");

  script_name(english:"Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one security problem
in the LDAP scheme handling of the mod_rewrite module. Where
RewriteEngine was enabled, and for certain RewriteRules, this could
lead to a pointer being written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack layout for
a particular compiled version of mod_rewrite. The Fedora project has
analyzed Fedora Core 4 and 5 binaries and determined that these
distributions are vulnerable to this issue. However this flaw does not
affect a default installation of Fedora Core; users who do not use, or
have not enabled, the Rewrite module are not affected by this issue.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000463.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?90802964"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" &gt;!&lt; release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"httpd-2.2.2-1.2")) flag++;
if (rpm_check(release:"FC5", reference:"httpd-debuginfo-2.2.2-1.2")) flag++;
if (rpm_check(release:"FC5", reference:"httpd-devel-2.2.2-1.2")) flag++;
if (rpm_check(release:"FC5", reference:"httpd-manual-2.2.2-1.2")) flag++;
if (rpm_check(release:"FC5", reference:"mod_ssl-2.2.2-1.2")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
}

JSON Vulners Source

Initial Source

{"id": "FEDORA_2006-863.NASL", "bulletinFamily": "scanner", "title": "Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)", "description": "This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-01-17T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24162", "reporter": "Tenable", "references": ["http://www.nessus.org/u?90802964"], "cvelist": [], "type": "nessus", "lastseen": "2018-08-02T07:54:32", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "e31fcb21349004e1fa6feebc6ed5d94943bd61bb53145f9c375d2b4117519f99", "hashmap": [{"hash": "1dc45e39ced2ae0d31df7697759858e5", "key": "published"}, {"hash": "5283b2e4baca7bf6757d58ee3a0eef37", "key": "references"}, {"hash": "f02e786e99819d77f7b69e685f9e58ed", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1a7fd965c4e7dc9a6c6665ca4ba813c2", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7fa23962b521d8ba518644263d7fae05", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "85ce50fbcc0b9d675ffe0bae833f96d7", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b5d48c92a775d5e1c502b08a376b9685", "key": "sourceData"}, {"hash": "007ee428aad871f8c7bb6538b9455fa5", "key": "title"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=24162", "id": "FEDORA_2006-863.NASL", "lastseen": "2017-10-29T13:38:22", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "24162", "published": "2007-01-17T00:00:00", "references": ["http://www.nessus.org/u?90802964"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24162);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:46:27 $\");\n\n script_xref(name:\"FEDORA\", value:\"2006-863\");\n\n script_name(english:\"Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem\nin the LDAP scheme handling of the mod_rewrite module. Where\nRewriteEngine was enabled, and for certain RewriteRules, this could\nlead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for\na particular compiled version of mod_rewrite. The Fedora project has\nanalyzed Fedora Core 4 and 5 binaries and determined that these\ndistributions are vulnerable to this issue. However this flaw does not\naffect a default installation of Fedora Core; users who do not use, or\nhave not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000463.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90802964\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"httpd-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-debuginfo-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-devel-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-manual-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mod_ssl-2.2.2-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "title": "Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:38:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "476de4a81081e58dfc1667a926a37d65ace749a6d6398685d7c6b8a506736bfe", "hashmap": [{"hash": "1dc45e39ced2ae0d31df7697759858e5", "key": "published"}, {"hash": "5283b2e4baca7bf6757d58ee3a0eef37", "key": "references"}, {"hash": "f02e786e99819d77f7b69e685f9e58ed", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "1a7fd965c4e7dc9a6c6665ca4ba813c2", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7fa23962b521d8ba518644263d7fae05", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b5d48c92a775d5e1c502b08a376b9685", "key": "sourceData"}, {"hash": "007ee428aad871f8c7bb6538b9455fa5", "key": "title"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=24162", "id": "FEDORA_2006-863.NASL", "lastseen": "2016-09-26T17:24:40", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "24162", "published": "2007-01-17T00:00:00", "references": ["http://www.nessus.org/u?90802964"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24162);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:46:27 $\");\n\n script_xref(name:\"FEDORA\", value:\"2006-863\");\n\n script_name(english:\"Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem\nin the LDAP scheme handling of the mod_rewrite module. Where\nRewriteEngine was enabled, and for certain RewriteRules, this could\nlead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for\na particular compiled version of mod_rewrite. The Fedora project has\nanalyzed Fedora Core 4 and 5 binaries and determined that these\ndistributions are vulnerable to this issue. However this flaw does not\naffect a default installation of Fedora Core; users who do not use, or\nhave not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000463.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90802964\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"httpd-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-debuginfo-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-devel-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-manual-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mod_ssl-2.2.2-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "title": "Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:40"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "85ce50fbcc0b9d675ffe0bae833f96d7"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "7fa23962b521d8ba518644263d7fae05"}, {"key": "href", "hash": "f02e786e99819d77f7b69e685f9e58ed"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "1a7fd965c4e7dc9a6c6665ca4ba813c2"}, {"key": "published", "hash": "1dc45e39ced2ae0d31df7697759858e5"}, {"key": "references", "hash": "5283b2e4baca7bf6757d58ee3a0eef37"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "2a6ef11f76161d2aa49e8ee0e8a8c181"}, {"key": "title", "hash": "007ee428aad871f8c7bb6538b9455fa5"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "801fe8ece4daaf5c35f40f0acd575335d526e243b50206b8b8d101f87161ff73", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24162);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 23:19:05\");\n\n script_xref(name:\"FEDORA\", value:\"2006-863\");\n\n script_name(english:\"Fedora Core 5 : httpd-2.2.2-1.2 (2006-863)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security issue in the mod_rewrite module.\n\nMark Dowd of McAfee Avert Labs reported an off-by-one security problem\nin the LDAP scheme handling of the mod_rewrite module. Where\nRewriteEngine was enabled, and for certain RewriteRules, this could\nlead to a pointer being written out of bounds. (CVE-2006-3747)\n\nThe ability to exploit this issue is dependent on the stack layout for\na particular compiled version of mod_rewrite. The Fedora project has\nanalyzed Fedora Core 4 and 5 binaries and determined that these\ndistributions are vulnerable to this issue. However this flaw does not\naffect a default installation of Fedora Core; users who do not use, or\nhave not enabled, the Rewrite module are not affected by this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000463.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90802964\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"httpd-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-debuginfo-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-devel-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"httpd-manual-2.2.2-1.2\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"mod_ssl-2.2.2-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "24162", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"]}