Lucene search
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.SLACKWARE_SSA_2004-305-01.NASLHistoryJul 13, 2005 - 12:00 a.m.
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache+mod_ssl (SSA:2004-305-01)
2005-07-1300:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
22
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
46.9%
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue. Apache has been upgraded to version 1.3.33 which fixes a buffer overflow which may allow local users to execute arbitrary code as the apache user. The mod_ssl package has also been upgraded to version 2.8.22_1.3.33.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2004-305-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(18788);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2004-0940");
script_xref(name:"SSA", value:"2004-305-01");
script_name(english:"Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache+mod_ssl (SSA:2004-305-01)");
script_summary(english:"Checks for updated packages in /var/log/packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Slackware host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
and -current to fix a security issue. Apache has been upgraded to
version 1.3.33 which fixes a buffer overflow which may allow local
users to execute arbitrary code as the apache user. The mod_ssl
package has also been upgraded to version 2.8.22_1.3.33."
);
# http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.533785
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bbba9317"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected apache and / or mod_ssl packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:apache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
script_set_attribute(attribute:"patch_publication_date", value:"2004/11/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Slackware Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("slackware.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
flag = 0;
if (slackware_check(osver:"8.1", pkgname:"apache", pkgver:"1.3.33", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"8.1", pkgname:"mod_ssl", pkgver:"2.8.22_1.3.33", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.0", pkgname:"apache", pkgver:"1.3.33", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.0", pkgname:"mod_ssl", pkgver:"2.8.22_1.3.33", pkgarch:"i386", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.1", pkgname:"apache", pkgver:"1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"9.1", pkgname:"mod_ssl", pkgver:"2.8.22_1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"10.0", pkgname:"apache", pkgver:"1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"10.0", pkgname:"mod_ssl", pkgver:"2.8.22_1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", pkgname:"apache", pkgver:"1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", pkgname:"mod_ssl", pkgver:"2.8.22_1.3.33", pkgarch:"i486", pkgnum:"1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| slackware | slackware_linux | apache | p-cpe:/a:slackware:slackware_linux:apache |
| slackware | slackware_linux | mod_ssl | p-cpe:/a:slackware:slackware_linux:mod_ssl |
| slackware | slackware_linux | cpe:/o:slackware:slackware_linux | |
| slackware | slackware_linux | 10.0 | cpe:/o:slackware:slackware_linux:10.0 |
| slackware | slackware_linux | 8.1 | cpe:/o:slackware:slackware_linux:8.1 |
| slackware | slackware_linux | 9.0 | cpe:/o:slackware:slackware_linux:9.0 |
| slackware | slackware_linux | 9.1 | cpe:/o:slackware:slackware_linux:9.1 |
Related
ubuntucve
ubuntucve
CVE-2004-0940
2005-02-09 00:00:00
nessus
nessus
GLSA-200411-03 : Apache 1.3: Buffer overflow vulnerability in mod_include
2004-11-02 00:00:00
Apache mod_include get_tag() Function Local Overflow
2004-10-25 00:00:00
FreeBSD : apache mod_include buffer overflow vulnerability (11)
2004-11-23 00:00:00
freebsd
freebsd
apache mod_include buffer overflow vulnerability
2004-10-22 00:00:00
cve
cve
CVE-2004-0940
2005-02-09 05:00:00
f5
f5
Buffer overflow in mod_include - CAN-2004-0940
2007-05-17 04:00:00
osv
osv
apache - buffer overflows
2004-11-17 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-03 (apache)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200411-03 (apache)
2008-09-24 00:00:00
Apache mod_include privilege escalation
2005-11-03 00:00:00
gentoo
gentoo
Apache 1.3: Buffer overflow vulnerability in mod_include
2004-11-02 00:00:00
debian
debian
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution
2004-11-17 12:05:54
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution
2004-11-17 12:05:54
httpd
httpd
Apache Httpd < 1.3.33 : mod_include overflow
2004-10-21 00:00:00
nvd
nvd
CVE-2004-0940
2005-02-09 05:00:00
checkpoint_advisories
checkpoint_advisories
Apache mod_include Buffer Overflow (CVE-2004-0940)
2010-07-07 00:00:00
cvelist
cvelist
CVE-2004-0940
2004-10-26 04:00:00
slackware
slackware
[slackware-security] apache+mod_ssl
2004-11-01 08:00:31
suse
suse
remote system compromise in xshared, XFree86-libs, xorg-x11-libs
2004-11-17 16:17:43
potential remote buffer overflow in samba
2004-11-15 22:07:05
redhat
redhat
(RHSA-2004:600) apache, mod_ssl security update
2004-12-13 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
46.9%
Related for SLACKWARE_SSA_2004-305-01.NASL