Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2004-046.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
34
JSON

Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020).

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a ‘AuthDigestRealmSeed’ secret exposed as an MD5 checksum (CVE-2003-0987).

mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix.

Update :

Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2004:046. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14145);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082");
  script_xref(name:"MDKSA", value:"2004:046-1");

  script_name(english:"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Four security vulnerabilities were fixed with the 1.3.31 release of
Apache. All of these issues have been backported and applied to the
provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to insert
those sequences into the terminal emulators of administrators viewing
the error logs that contain vulnerabilities related to escape sequence
handling (CVE-2003-0020).

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache now
verifies the nonce returned in the client response to check whether it
was issued by itself by means of a 'AuthDigestRealmSeed' secret
exposed as an MD5 checksum (CVE-2003-0987).

mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow a remote attacker to
bypass intended access restrictions (CVE-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
certain platforms, allows a remote attacker to cause a DoS by blocking
new connections via a short-lived connection on a rarely-accessed
listening socket (CVE-2004-0174). While this particular vulnerability
does not affect Linux, we felt it prudent to include the fix.

Update :

Due to the changes in mod_digest.so, mod_perl needed to be rebuilt
against the patched Apache packages in order for httpd-perl to
properly load the module. The appropriate mod_perl packages have been
rebuilt and are now available."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:HTML-Embperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mod_perl-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"apache-mod_perl-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"mod_perl-common-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"mod_perl-devel-1.3.29_1.29-3.1.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache-mod_perl-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-common-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"mod_perl-devel-1.3.27_1.27-7.1.91mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", reference:"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"apache-mod_perl-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"mod_perl-common-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"mod_perl-devel-1.3.28_1.28-1.1.92mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxhtml-embperlp-cpe:/a:mandriva:linux:html-embperl
mandrivalinuxapache-mod_perlp-cpe:/a:mandriva:linux:apache-mod_perl
mandrivalinuxmod_perl-commonp-cpe:/a:mandriva:linux:mod_perl-common
mandrivalinuxmod_perl-develp-cpe:/a:mandriva:linux:mod_perl-devel
mandrakesoftmandrake_linux10.0cpe:/o:mandrakesoft:mandrake_linux:10.0
mandrakesoftmandrake_linux9.1cpe:/o:mandrakesoft:mandrake_linux:9.1
mandrakesoftmandrake_linux9.2cpe:/o:mandrakesoft:mandrake_linux:9.2

Related

openvas 16
nessus 31
slackware 1
gentoo 1
suse 5
cve 6
altlinux 3
f5 2
freebsd 1
ubuntucve 4
httpd 6
debiancve 2
cert 2
seebug 3
packetstorm 2
securityvulns 4
redhat 2
exploitpack 1
exploitdb 1
openvas
openvas
Gentoo Security Advisory GLSA 200405-22 (Apache)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200405-22 (Apache)
2008-09-24 00:00:00
Slackware Advisory SSA:2004-133-01 apache
2012-09-11 00:00:00
nessus
nessus
GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities
2004-08-30 00:00:00
Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
2005-07-13 00:00:00
Solaris 8 (x86) : 116974-07
2004-10-17 00:00:00
slackware
slackware
apache
2004-05-12 16:54:58
gentoo
gentoo
Apache 1.3: Multiple vulnerabilities
2004-05-26 00:00:00
suse
suse
remote file creation in kdelibs/kdelibs3
2004-05-26 11:35:37
remote command execution in cvs
2004-06-09 13:52:11
remote code execution in cvs
2004-04-14 15:54:44
cve
cve
CVE-2003-0987
2004-03-03 05:00:00
CVE-2003-0993
2004-03-29 05:00:00
CVE-2003-0020
2003-03-18 05:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.0.40-21
2003-02-24 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.0.40-21
2003-02-24 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.40-21
2003-02-24 00:00:00
f5
f5
K5576 : Authentication vulnerability in Apache mod_digest - CAN-2003-0987
2013-03-28 00:00:00
SOL5576 - Authentication vulnerability in Apache mod_digest - CAN-2003-0987
2007-05-16 00:00:00
freebsd
freebsd
Apache 1.3 IP address access control failure on some 64-bit platforms
2004-03-07 00:00:00
ubuntucve
ubuntucve
CVE-2003-0993
2004-03-29 00:00:00
CVE-2003-0020
2003-03-18 00:00:00
CVE-2003-0987
2004-03-03 00:00:00
httpd
httpd
Apache Httpd < 1.3.31 : Error log escape filtering
2003-02-24 00:00:00
Apache Httpd < 2.0.49 : Error log escape filtering
2003-02-24 00:00:00
Apache Httpd < 1.3.31 : mod_digest nonce checking
2003-12-18 00:00:00
debiancve
debiancve
CVE-2003-0020
2003-03-18 05:00:00
CVE-2003-0083
2003-04-02 05:00:00
cert
cert
Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
2004-03-24 00:00:00
Apache vulnerable to DoS
2003-04-08 00:00:00
seebug
seebug
jetty 6.x - 7.x xss information disclosure injection
2009-10-26 00:00:00
jetty 6.x - 7.x xss, information disclosure, injection
2014-07-01 00:00:00
jetty 6.x - 7.x xss information disclosure injection
2009-10-26 00:00:00
packetstorm
packetstorm
Jetty 6.x / 7.x Information Disclosure / XSS
2009-10-26 00:00:00
Nginx, Varnish, Cherokee, etc Log Injection
2010-01-11 00:00:00
securityvulns
securityvulns
SUSE Security Announcement: cvs &#40;SuSE-SA:2004:008&#41;
2004-04-15 00:00:00
Jetty 6.x and 7.x Multiple Vulnerabilities
2009-10-26 00:00:00
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
2010-01-12 00:00:00
redhat
redhat
(RHSA-2003:244) apache security update
2003-09-22 00:00:00
(RHSA-2004:600) apache, mod_ssl security update
2004-12-13 00:00:00
exploitpack
exploitpack
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
2009-10-26 00:00:00
exploitdb
exploitdb
jetty 6.x &lt; 7.x - Cross-Site Scripting / Information Disclosure / Injection
2009-10-26 00:00:00
JSON
Related for MANDRAKE_MDKSA-2004-046.NASL
openvas16nessus31slackware1gentoo1suse5cve6altlinux3f52freebsd1ubuntucve4httpd6debiancve2cert2seebug3packetstorm2securityvulns4redhat2exploitpack1exploitdb1