Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2009-124.NASL
HistoryJun 01, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : apache (MDVSA-2009:124-1)

2009-06-0100:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

Multiple vulnerabilities has been found and corrected in apache :

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678).
Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).

This update provides fixes for these vulnerabilities.

Update :

The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was incomplete, this update addresses the problem.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2009:124. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(39761);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-1678", "CVE-2008-2939", "CVE-2009-1195");
  script_bugtraq_id(30560, 31692, 35115);
  script_xref(name:"MDVSA", value:"2009:124-1");

  script_name(english:"Mandriva Linux Security Advisory : apache (MDVSA-2009:124-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in apache :

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP
Server mod_ssl that specify a compression algorithm (CVE-2008-1678).
Note that this security issue does not really apply as zlib
compression is not enabled in the openssl build provided by Mandriva,
but apache is patched to address this issue anyway (conserns 2008.1
only).

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via
wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this
security issue was initially addressed with MDVSA-2008:195 but the
patch fixing the issue was added but not applied in 2009.0.

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file
(CVE-2009-1195).

This update provides fixes for these vulnerabilities.

Update :

The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was
incomplete, this update addresses the problem."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(16, 79, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-htcacheclean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_deflate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_disk_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_file_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_mem_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_userdir");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-itk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.1", reference:"apache-base-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-devel-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-htcacheclean-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_authn_dbd-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_cache-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_dav-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_dbd-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_deflate-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_disk_cache-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_file_cache-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_ldap-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_mem_cache-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_proxy-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_proxy_ajp-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_ssl-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mod_userdir-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-modules-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mpm-event-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mpm-itk-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mpm-prefork-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-mpm-worker-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"apache-source-2.2.8-6.4mdv2008.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxapache-basep-cpe:/a:mandriva:linux:apache-base
mandrivalinuxapache-develp-cpe:/a:mandriva:linux:apache-devel
mandrivalinuxapache-htcachecleanp-cpe:/a:mandriva:linux:apache-htcacheclean
mandrivalinuxapache-mod_authn_dbdp-cpe:/a:mandriva:linux:apache-mod_authn_dbd
mandrivalinuxapache-mod_cachep-cpe:/a:mandriva:linux:apache-mod_cache
mandrivalinuxapache-mod_davp-cpe:/a:mandriva:linux:apache-mod_dav
mandrivalinuxapache-mod_dbdp-cpe:/a:mandriva:linux:apache-mod_dbd
mandrivalinuxapache-mod_deflatep-cpe:/a:mandriva:linux:apache-mod_deflate
mandrivalinuxapache-mod_disk_cachep-cpe:/a:mandriva:linux:apache-mod_disk_cache
mandrivalinuxapache-mod_file_cachep-cpe:/a:mandriva:linux:apache-mod_file_cache
Rows per page:
1-10 of 231

Related

securityvulns 6
openvas 83
nessus 48
centos 2
oraclelinux 2
redhat 5
httpd 3
cert 1
checkpoint_advisories 3
debiancve 4
cve 4
freebsd 2
veracode 3
seebug 5
ubuntucve 4
prion 4
debian 1
ubuntu 2
packetstorm 1
f5 2
fedora 2
altlinux 7
gentoo 2
suse 1
slackware 1
kaspersky 1
securityvulns
securityvulns
[ MDVSA-2009:124 ] apache
2009-06-01 00:00:00
Apache mod_proxy_ftp crossite scripting
2008-08-07 00:00:00
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
2008-08-07 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:124 (apache)
2009-06-05 00:00:00
Mandrake Security Advisory MDVSA-2009:124 (apache)
2009-06-05 00:00:00
Mandrake Security Advisory MDVSA-2009:124-1 (apache)
2009-07-15 00:00:00
nessus
nessus
RHEL 5 : httpd (RHSA-2009:1075)
2009-05-28 00:00:00
CentOS 5 : httpd (CESA-2009:1075)
2010-01-06 00:00:00
Oracle Linux 5 : httpd (ELSA-2009-1075)
2013-07-12 00:00:00
centos
centos
httpd, mod_ssl security update
2009-05-28 17:08:08
httpd, mod_ssl security update
2008-11-11 20:45:50
oraclelinux
oraclelinux
httpd security update
2009-05-27 00:00:00
httpd security and bug fix update
2008-11-11 00:00:00
redhat
redhat
(RHSA-2009:1075) Moderate: httpd security update
2009-05-27 00:00:00
(RHSA-2008:0967) Moderate: httpd security and bug fix update
2008-11-11 00:00:00
(RHSA-2008:0966) Moderate: Red Hat Application Stack v2.2 security and enhancement update
2008-12-04 00:00:00
httpd
httpd
Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
Apache Httpd < 2.2.12 : AllowOverride Options handling bypass
2009-03-09 00:00:00
cert
cert
Apache mod_proxy_ftp XSS vulnerability
2008-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Update protection against Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross Site Scripting
2008-09-19 00:00:00
Update Protection against Apache mod_proxy_ftp XSS Vulnerability
2008-09-19 00:00:00
Apache Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting (CVE-2008-2939)
2009-09-30 00:00:00
debiancve
debiancve
CVE-2008-2939
2008-08-06 18:41:00
CVE-2008-1678
2008-07-10 17:41:00
CVE-2009-1195
2009-05-28 20:30:00
cve
cve
CVE-2008-2939
2008-08-06 18:41:00
CVE-2008-1678
2008-07-10 17:41:00
CVE-2009-1195
2009-05-28 20:30:00
freebsd
freebsd
apache -- Cross-site scripting vulnerability
2008-07-25 00:00:00
apache22 -- several vulnerabilities
2009-07-28 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:29:44
Denial Of Service (DoS)
2020-04-10 00:33:34
Privilege Escalation
2020-04-10 00:33:35
seebug
seebug
Apache mod_proxy_ftp模块通配符字符跨站脚本漏洞
2008-08-08 00:00:00
IBM HTTP Server mod_proxy_ftp 跨站脚本漏洞
2009-02-16 00:00:00
OpenSSL 'zlib'压缩内存泄漏远程拒绝服务漏洞
2008-10-16 00:00:00
ubuntucve
ubuntucve
CVE-2008-2939
2008-08-06 00:00:00
CVE-2008-1678
2008-07-10 00:00:00
CVE-2009-1195
2009-05-28 00:00:00
prion
prion
Cross site scripting
2008-08-06 18:41:00
Memory corruption
2008-07-10 17:41:00
Design/Logic Flaw
2009-05-28 20:30:00
debian
debian
[SECURITY] [DSA 1816-1] New apache2 packages fix privilege escalation
2009-06-16 19:56:30
ubuntu
ubuntu
Apache vulnerabilities
2009-03-10 00:00:00
Apache vulnerabilities
2009-06-11 00:00:00
packetstorm
packetstorm
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
f5
f5
SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
K15405 : OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
2008-08-07 23:48:09
[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11
2009-08-31 23:39:38
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
gentoo
gentoo
Apache: Denial of service
2008-07-09 00:00:00
Apache: Multiple vulnerabilities
2009-07-12 00:00:00
suse
suse
potential code execution in apache2,libapr1
2009-10-26 13:21:56
slackware
slackware
httpd
2009-08-02 15:33:03
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
JSON
Related for MANDRIVA_MDVSA-2009-124.NASL
securityvulns6openvas83nessus48centos2oraclelinux2redhat5httpd3cert1checkpoint_advisories3debiancve4cve4freebsd2veracode3seebug5ubuntucve4prion4debian1ubuntu2packetstorm1f52fedora2altlinux7gentoo2suse1slackware1kaspersky1