Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-177-1.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
8
JSON

Apache did not honour the ‘SSLVerifyClient require’ directive within a <Location> block if the surrounding <VirtualHost> block contained a directive ‘SSLVerifyClient optional’. This allowed clients to bypass client certificate validation on servers with the above configuration.
(CAN-2005-2700)

Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.
(CAN-2005-2728)

The updated libapache-mod-ssl also fixes two older Denial of Service vulnerabilities: A format string error in the ssl_log() function which could be exploited to crash the server (CAN-2004-0700), and a flaw in the SSL cipher negotiation which could be exploited to terminate a session (CAN-2004-0885). Please note that Apache 1.3 and libapache-mod-ssl are not officially supported (they are in the ‘universe’ component of the Ubuntu archive).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-177-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20587);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2004-0700", "CVE-2004-0885", "CVE-2005-2700", "CVE-2005-2728");
  script_xref(name:"USN", value:"177-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Apache did not honour the 'SSLVerifyClient require' directive within a
<Location> block if the surrounding <VirtualHost> block contained a
directive 'SSLVerifyClient optional'. This allowed clients to bypass
client certificate validation on servers with the above configuration.
(CAN-2005-2700)

Filip Sneppe discovered a Denial of Service vulnerability in the byte
range filter handler. By requesting certain large byte ranges, a
remote attacker could cause memory exhaustion in the server.
(CAN-2005-2728)

The updated libapache-mod-ssl also fixes two older Denial of Service
vulnerabilities: A format string error in the ssl_log() function which
could be exploited to crash the server (CAN-2004-0700), and a flaw in
the SSL cipher negotiation which could be exploited to terminate a
session (CAN-2004-0885). Please note that Apache 1.3 and
libapache-mod-ssl are not officially supported (they are in the
'universe' component of the Ubuntu archive).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-ssl-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"apache2", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-common", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-doc", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-perchild", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-prefork", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-threadpool", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-worker", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-prefork-dev", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-threaded-dev", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapache-mod-ssl", pkgver:"2.8.18-1ubuntu1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapache-mod-ssl-doc", pkgver:"2.8.18-1ubuntu1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapr0", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapr0-dev", pkgver:"2.0.50-12ubuntu4.8")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-common", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-doc", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-perchild", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-prefork", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-threadpool", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-worker", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-prefork-dev", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-threaded-dev", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-utils", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-ssl", pkgver:"2.8.22-1ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-ssl-doc", pkgver:"2.8.22-1ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapr0", pkgver:"2.0.53-5ubuntu5.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapr0-dev", pkgver:"2.0.53-5ubuntu5.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-perchild / etc");
}
VendorProductVersionCPE
canonicalubuntu_linux4.10cpe:/o:canonical:ubuntu_linux:4.10
canonicalubuntu_linux5.04cpe:/o:canonical:ubuntu_linux:5.04
canonicalubuntu_linuxapache2-mpm-perchildp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild
canonicalubuntu_linuxapache2-mpm-preforkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork
canonicalubuntu_linuxapache2-mpm-workerp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker
canonicalubuntu_linuxlibapr0p-cpe:/a:canonical:ubuntu_linux:libapr0
canonicalubuntu_linuxapache2p-cpe:/a:canonical:ubuntu_linux:apache2
canonicalubuntu_linuxapache2-commonp-cpe:/a:canonical:ubuntu_linux:apache2-common
canonicalubuntu_linuxapache2-docp-cpe:/a:canonical:ubuntu_linux:apache2-doc
canonicalubuntu_linuxapache2-prefork-devp-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev
Rows per page:
1-10 of 161

Related

ubuntu 1
nessus 38
redhat 7
centos 2
openvas 54
suse 5
osv 3
debian 6
cve 4
ubuntucve 4
f5 7
freebsd 2
httpd 3
debiancve 3
gentoo 3
checkpoint_advisories 1
cert 1
slackware 3
securityvulns 1
altlinux 3
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00
nessus
nessus
CentOS 3 / 4 : httpd (CESA-2005:608)
2006-07-03 00:00:00
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
2005-10-05 00:00:00
Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)
2005-09-17 00:00:00
redhat
redhat
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
(RHSA-2004:408) mod_ssl security update
2004-09-07 00:00:00
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
centos
centos
httpd, mod_ssl security update
2005-09-06 15:58:02
mod_ssl security update
2005-09-16 00:34:35
openvas
openvas
SLES9: Security update for Apache2
2009-10-10 00:00:00
SLES9: Security update for Apache2
2009-10-10 00:00:00
Debian: Security Advisory (DSA-805-1)
2008-01-17 00:00:00
suse
suse
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
remote system compromise in xshared, XFree86-libs, xorg-x11-libs
2004-11-17 16:17:43
osv
osv
apache2 - several
2005-09-08 00:00:00
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
libapache-mod-ssl - several vulnerabilities
2004-07-27 00:00:00
debian
debian
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
cve
cve
CVE-2004-0700
2004-07-27 04:00:00
CVE-2004-0885
2004-11-03 05:00:00
CVE-2005-2700
2005-09-06 23:03:00
ubuntucve
ubuntucve
CVE-2004-0700
2004-07-27 00:00:00
CVE-2004-0885
2004-11-03 00:00:00
CVE-2005-2700
2005-09-06 00:00:00
f5
f5
K5534 : Apache mod_proxy message format vulnerability CAN-2004-0700
2013-03-28 00:00:00
K000138508 : mod_ssl vulnerability CVE-2004-0700
2024-02-06 00:00:00
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
2007-05-16 00:00:00
freebsd
freebsd
apache13-modssl -- format string vulnerability in proxy support
2004-07-16 00:00:00
mod_ssl -- SSLCipherSuite bypass
2004-10-01 00:00:00
httpd
httpd
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
2004-10-01 00:00:00
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
2005-08-30 00:00:00
Apache Httpd < 2.0.55 : Byterange filter DoS
2005-07-07 00:00:00
debiancve
debiancve
CVE-2004-0885
2004-11-03 05:00:00
CVE-2005-2700
2005-09-06 23:03:00
CVE-2005-2728
2005-08-30 11:45:00
gentoo
gentoo
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
2004-10-21 00:00:00
Apache 2.0: Denial of Service vulnerability
2005-08-25 00:00:00
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Byte-Range Filter Denial of Service (CVE-2005-2728)
2010-07-25 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
slackware
slackware
mod_ssl
2005-09-08 15:54:45
[slackware-security] apache, mod_ssl, php
2004-10-26 00:40:01
slackware-current security updates
2005-09-08 15:55:02
securityvulns
securityvulns
mod_ssl &quot;SSLVerifyClient&quot; Security Bypass Security Issue
2005-09-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.0.52-alt3
2004-12-27 00:00:00
JSON
Related for UBUNTU_USN-177-1.NASL
ubuntu1nessus38redhat7centos2openvas54suse5osv3debian6cve4ubuntucve4f57freebsd2httpd3debiancve3gentoo3checkpoint_advisories1cert1slackware3securityvulns1altlinux3