ID OPENVAS:53878 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2003-308-01.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2003_308_01.nasl 6598 2017-07-07 09:36:44Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Text strings for this check; they are passed to script_tag() as the
# "insight", "summary" and "solution" tags in the description block.
# NOTE(review): no function from revisions-lib.inc is called directly in this
# script; presumably pkg-lib-slack.inc relies on it - confirm before removing.
include("revisions-lib.inc");
# Excerpt of the Slackware advisory text. Per this text the flaw needs the
# ability to create or edit Apache config files, i.e. it is a local privilege
# issue, not a remotely reachable one; this matches the AV:L vector registered
# in the description block.
# NOTE(review): the "- -current" below looks like dash-escaping left over from
# the signed advisory mail; it is runtime text and is left untouched here.
tag_insight = "Apache httpd is a hypertext transfer protocol server, and is used
by over two thirds of the Internet's web sites.
Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These fix local vulnerabilities that could allow users
who can create or edit Apache config files to gain additional
privileges. Sites running Apache should upgrade to the new packages.
In addition, new mod_ssl packages have been prepared for all platforms,
and new PHP packages have been prepared for Slackware 8.1, 9.0, and
- -current (9.1 already uses PHP 4.3.3). In -current, these packages
also move the Apache module directory from /usr/libexec to
/usr/libexec/apache. Links for all of these related packages are
provided below.";
# One-line finding text: names the advisory, not the affected package.
tag_summary = "The remote host is missing an update as announced
via advisory SSA:2003-308-01.";
# Holds only a link to an advisory lookup page, not remediation text. The
# remediation itself is the package upgrade described in tag_insight.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-308-01";
# When `description` is set, only the metadata below is registered and the
# script exits before any package check runs.
if(description)
{
  # Plugin identity and revision bookkeeping.
  script_id(53878);
  script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $");

  # References and severity. The vector is AV:L (local access), consistent
  # with the advisory text: the flaw needs write access to Apache config files.
  script_bugtraq_id(9504, 8911);
  script_cve_id("CVE-2003-0542");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_version("$Revision: 6598 $");

  # The plugin name is passed with its trailing space unchanged.
  script_name("Slackware Advisory SSA:2003-308-01 apache security update ");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
  script_family("Slackware Local Security Checks");

  # NOTE(review): presumably the check only runs once gather-package-list.nasl
  # has stored a Slackware package list obtained over an SSH login (the two
  # mandatory keys below) - confirm against that plugin.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack");

  # Descriptive text defined at the top of the script.
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);

  # qod_type "package": the finding rests on installed package versions
  # (see the isslkpkgvuln() calls after this block), not on probing Apache.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-slack.inc");

# Compare the installed apache, mod_ssl and php packages with the versions
# named for Slackware 8.1, 9.0 and 9.1. Every check is evaluated and any
# single hit flags the host.
# NOTE(review): isslkpkgvuln() comes from pkg-lib-slack.inc and is not shown
# here; presumably it is true when the package installed on release `rls` is
# older than `ver` - confirm in the library.
# Triage caveats visible from this script:
#  - an outdated mod_ssl or php package alone raises the finding, which is
#    registered under CVE-2003-0542 (the Apache issue);
#  - Slackware -current is not checked, although the advisory text also
#    lists -current packages;
#  - 9.1 has no php check (the advisory text says 9.1 already uses PHP 4.3.3).
vuln = 0;

# Slackware 8.1
if(isslkpkgvuln(pkg:"apache", ver:"1.3.29-i386-1", rls:"SLK8.1"))
  vuln = 1;
if(isslkpkgvuln(pkg:"mod_ssl", ver:"2.8.16_1.3.29-i386-1", rls:"SLK8.1"))
  vuln = 1;
if(isslkpkgvuln(pkg:"php", ver:"4.3.3-i386-1", rls:"SLK8.1"))
  vuln = 1;

# Slackware 9.0
if(isslkpkgvuln(pkg:"apache", ver:"1.3.29-i386-1", rls:"SLK9.0"))
  vuln = 1;
if(isslkpkgvuln(pkg:"mod_ssl", ver:"2.8.16_1.3.29-i386-1", rls:"SLK9.0"))
  vuln = 1;
if(isslkpkgvuln(pkg:"php", ver:"4.3.3-i386-1", rls:"SLK9.0"))
  vuln = 1;

# Slackware 9.1 (i486 builds)
if(isslkpkgvuln(pkg:"apache", ver:"1.3.29-i486-1", rls:"SLK9.1"))
  vuln = 1;
if(isslkpkgvuln(pkg:"mod_ssl", ver:"2.8.16_1.3.29-i486-1", rls:"SLK9.1"))
  vuln = 1;

# security_message(0) is called without report text, so the call itself does
# not say which package or release matched.
if(!vuln) {
  # __pkg_match is not assigned in this script; presumably pkg-lib-slack.inc
  # sets it when one of the listed packages was found installed - confirm.
  # If it is unset, the script ends without stating a result.
  if(__pkg_match)
    exit(99); # Not vulnerable.
} else {
  security_message(0);
}
{"id": "OPENVAS:53878", "type": "openvas", "bulletinFamily": "scanner", "title": "Slackware Advisory SSA:2003-308-01 apache security update", "description": "The remote host is missing an update as announced\nvia advisory SSA:2003-308-01.", "published": "2012-09-11T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53878", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2003-0542"], "lastseen": "2017-07-24T12:51:18", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-07-24T12:51:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0542"]}, {"type": "redhat", "idList": ["RHSA-2004:015", "RHSA-2003:360"]}, {"type": "slackware", "idList": ["SSA-2003-308-01"]}, {"type": "osvdb", "idList": ["OSVDB:2733", "OSVDB:7611"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:7849", "SECURITYVULNS:DOC:5539"]}, {"type": "gentoo", "idList": ["GLSA-200310-04", "GLSA-200310-03"]}, {"type": "httpd", "idList": ["HTTPD:44DE1C11AB1C5F3355CD333F817BA9F3", "HTTPD:BF91960D1C394323C3E60B7A1E3A9672", "HTTPD:04E27235B076B98F9191AAA4AF148F2F"]}, {"type": "nessus", "idList": ["SLACKWARE_SSA_2003-308-01.NASL", "REDHAT-RHSA-2004-015.NASL", "REDHAT-RHSA-2003-360.NASL", "SOLARIS9_113146.NASL", "APACHE_1_3_29.NASL", "SOLARIS8_116973.NASL", "SOLARIS9_X86_114145.NASL", "MANDRAKE_MDKSA-2003-103.NASL", "APACHE_2_0_48.NASL", "FEDORA_2003-004.NASL"]}, {"type": "f5", "idList": ["F5:K3144", "SOL3144"]}, {"type": "openvas", "idList": ["OPENVAS:835103", "OPENVAS:136141256231053878", "OPENVAS:54499", "OPENVAS:54498", "OPENVAS:1361412562310835103"]}, {"type": "cert", "idList": ["VU:434566", "VU:549142"]}], "modified": "2017-07-24T12:51:18", "rev": 2}, "vulnersScore": 7.2}, "pluginID": "53878", "sourceData": "# OpenVAS Vulnerability 
Test\n# $Id: esoft_slk_ssa_2003_308_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache httpd is a hypertext transfer protocol server, and is used\nby over two thirds of the Internet's web sites.\n\nUpgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,\nand -current. These fix local vulnerabilities that could allow users\nwho can create or edit Apache config files to gain additional\nprivileges. Sites running Apache should upgrade to the new packages.\n\nIn addition, new mod_ssl packages have been prepared for all platforms,\nand new PHP packages have been prepared for Slackware 8.1, 9.0, and\n- -current (9.1 already uses PHP 4.3.3). In -current, these packages\nalso move the Apache module directory from /usr/libexec to\n/usr/libexec/apache. 
Links for all of these related packages are\nprovided below.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2003-308-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-308-01\";\n \nif(description)\n{\n script_id(53878);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_bugtraq_id(9504, 8911);\n script_cve_id(\"CVE-2003-0542\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2003-308-01 apache security update \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"4.3.3-i386-1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i386-1\", rls:\"SLK9.0\")) {\n vuln = 
1;\n}\nif(isslkpkgvuln(pkg:\"php\", ver:\"4.3.3-i386-1\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i486-1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Slackware Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:33:02", "description": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.", "edition": 5, "cvss3": {}, "published": "2003-11-03T05:00:00", "title": "CVE-2003-0542", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0542"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:apache:http_server:2.0.40", "cpe:/a:apache:http_server:2.0.39", "cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.3", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:2.0.32", "cpe:/a:apache:http_server:2.0.38", "cpe:/a:apache:http_server:2.0.35", "cpe:/a:apache:http_server:2.0", "cpe:/a:apache:http_server:1.3.6", "cpe:/a:apache:http_server:2.0.28", "cpe:/a:apache:http_server:1.3.28", "cpe:/a:apache:http_server:1.3.14", "cpe:/a:apache:http_server:2.0.46", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:2.0.45", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:2.0.41", "cpe:/a:apache:http_server:2.0.44", "cpe:/a:apache:http_server:1.3.4", "cpe:/a:apache:http_server:1.3.12", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:1.3", 
"cpe:/a:apache:http_server:1.3.11", "cpe:/a:apache:http_server:2.0.37", "cpe:/a:apache:http_server:2.0.43", "cpe:/a:apache:http_server:2.0.47", "cpe:/a:apache:http_server:2.0.36", "cpe:/a:apache:http_server:2.0.42", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.9"], "id": "CVE-2003-0542", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0542", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0542"], "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 1.3 prior to\n1.3.29. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server (in default configurations as the 'apache' user).\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0542 to this issue.\n\nThis update also includes an alternative version of the httpd binary which\nsupports setting the MaxClients configuration directive to values above 256.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the\napplicable errata packages, which contain back-ported fixes correcting\nthe above security issue.\n\nNote that the instructions in the \"Solution\" section of this errata contain\nadditional steps required to complete the upgrade process.", "modified": "2018-03-14T19:25:46", "published": "2003-12-10T05:00:00", "id": "RHSA-2003:360", "href": "https://access.redhat.com/errata/RHSA-2003:360", "type": "redhat", "title": "(RHSA-2003:360) apache security update", "cvss": {"score": 7.2, 
"vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0542"], "description": "The Apache HTTP Server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration files\nwas discovered in releases of the Apache HTTP Server version 2.0 prior to\n2.0.48. To exploit this issue an attacker would need to have the ability\nto write to Apache configuration files such as .htaccess or httpd.conf. A\ncarefully-crafted configuration file can cause an exploitable buffer\noverflow and would allow the attacker to execute arbitrary code in the\ncontext of the server (in default configurations as the 'apache' user).\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0542 to this issue.\n\nUsers of the Apache HTTP Server should upgrade to these erratum packages,\nwhich contain backported patches correcting these issues, and are applied\nto Apache version 2.0.46. This update also includes fixes for a number of\nminor bugs found in this version of the Apache HTTP Server.", "modified": "2017-07-29T20:27:21", "published": "2004-01-13T05:00:00", "id": "RHSA-2004:015", "href": "https://access.redhat.com/errata/RHSA-2004:015", "type": "redhat", "title": "(RHSA-2004:015) httpd security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:07", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0542"], "description": "Apache httpd is a hypertext transfer protocol server, and is used\nby over two thirds of the Internet's web sites.\n\nUpgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,\nand -current. These fix local vulnerabilities that could allow users\nwho can create or edit Apache config files to gain additional\nprivileges. 
Sites running Apache should upgrade to the new packages.\n\nIn addition, new mod_ssl packages have been prepared for all platforms,\nand new PHP packages have been prepared for Slackware 8.1, 9.0, and\n- -current (9.1 already uses PHP 4.3.3). In -current, these packages\nalso move the Apache module directory from /usr/libexec to\n/usr/libexec/apache. Links for all of these related packages are\nprovided below.\n\nMore details about the Apache issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542\n\n\nHere are the details from the Slackware 9.1 ChangeLog:\n\nMon Nov 3 20:06:29 PST 2003\npatches/packages/apache-1.3.29-i486-1.tgz: Upgraded to apache-1.3.29.\n This fixes the following local security issue:\n o CAN-2003-0542 (cve.mitre.org)\n Fix buffer overflows in mod_alias and mod_rewrite which occurred if\n one configured a regular expression with more than 9 captures.\n This vulnerability requires the attacker to create or modify certain\n Apache configuration files, and is not a remote hole. However, it could\n possibly be used to gain additional privileges if access to the Apache\n administrator account can be gained through some other means. 
All sites\n running Apache should upgrade.\n (* Security fix *)\n\nWHERE TO FIND THE NEW PACKAGES:\n\nUpdated packages for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.29-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.3-i386-1.tgz\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.29-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.3-i386-1.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.29-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.16_1.3.29-i486-1.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.29-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.16_1.3.29-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.3-i486-3.tgz\n\n\nMD5 SIGNATURES:\n\nSlackware 8.1 packages:\n1a8190a214c052f0707bd5a6b005a7cd apache-1.3.29-i386-1.tgz\neb74afbc99295c01d418b576e92e83bb mod_ssl-2.8.16_1.3.29-i386-1.tgz\nb41a44c3ce2a3a09873b5d0930faf4c1 php-4.3.3-i386-1.tgz\n\nSlackware 9.0 packages:\nbb34ae622245f57bdca747ac5d8f73cf apache-1.3.29-i386-1.tgz\nc84af5778a5667a06a60a274f2fe1edb mod_ssl-2.8.16_1.3.29-i386-1.tgz\n7660e36f2cfb30cc339734369cca7719 php-4.3.3-i386-1.tgz\n\nSlackware 9.1 packages:\n9b494bb3f03cb4a4cb8c28f4fcc76666 apache-1.3.29-i486-1.tgz\n938412e01daf55fee37293a5790d907f mod_ssl-2.8.16_1.3.29-i486-1.tgz\n\nSlackware -current packages:\n091c22d398c51fee820dd0d0b7d514e3 
apache-1.3.29-i486-1.tgz\ncd260439c9f1373329ba2224ace0451d mod_ssl-2.8.16_1.3.29-i486-1.tgz\ncc90540cc07e840e5a0513ffbb308102 php-4.3.3-i486-3.tgz\n\n\nINSTALLATION INSTRUCTIONS:\n\nFirst, stop apache:\n\n > apachectl stop\n\nNext, upgrade these packages as root:\n\n > upgradepkg apache-1.3.29-i486-1.tgz\n > upgradepkg mod_ssl-2.8.16_1.3.29-i486-1.tgz\n > upgradepkg php-4.3.3-i486-3.tgz\n\nFinally, restart apache:\n\n > apachectl start\n\nOr, if you're running a secure server with mod_ssl:\n\n > apachectl startssl", "modified": "2003-11-04T16:48:11", "published": "2003-11-04T16:48:11", "id": "SSA-2003-308-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.559833", "type": "slackware", "title": "apache security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:02", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in Apache. The mod_alias module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.\n## Solution Description\nUpgrade to version 1.3.29 or higher or 2.048 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local overflow exists in Apache. The mod_alias module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. 
With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.\n## References:\nVendor Specific Solution URL: ftp://ftp.openpkg.org/release/1.3/UPD/\nVendor Specific Solution URL: ftp://ftp.openpkg.org/release/1.2/UPD/\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57496\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114145&rev=02\nVendor Specific Solution URL: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/\nVendor Specific Solution URL: ftp://atualizacoes.conectiva.com.br/\nVendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/\nVendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/\nVendor Specific Solution URL: http://www.mandrakesecure.net/en/ftp.php\nVendor Specific Solution URL: http://httpd.apache.org/download.cgi\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113146&rev=03\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](http://www.apache.org/dist/httpd/Announcement.html)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-3759.html)\n[Vendor Specific Advisory URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/misc/2003/TSL-2003-0041-apache.asc.txt)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/immunix_advisory-3751.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2003-360.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2003-405.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1)\n[Vendor Specific Advisory 
URL](http://www.apache.org/dist/httpd/Announcement2.html)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/http-//rhn.redhat.com/errata/RHSA-2003-320.html.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2004-015.html)\n[Secunia Advisory ID:10096](https://secuniaresearch.flexerasoftware.com/advisories/10096/)\n[Secunia Advisory ID:17311](https://secuniaresearch.flexerasoftware.com/advisories/17311/)\n[Secunia Advisory ID:10845](https://secuniaresearch.flexerasoftware.com/advisories/10845/)\n[Related OSVDB ID: 2733](https://vulners.com/osvdb/OSVDB:2733)\nRedHat RHSA: RHSA-2005:816\nOther Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=106761802305141&w=2\nOther Advisory URL: http://www.securityfocus.com/archive/1/342674\n[Nessus Plugin ID:11915](https://vulners.com/search?query=pluginID:11915)\n[Nessus Plugin ID:13662](https://vulners.com/search?query=pluginID:13662)\n[Nessus Plugin ID:12450](https://vulners.com/search?query=pluginID:12450)\n[CVE-2003-0542](https://vulners.com/cve/CVE-2003-0542)\nCERT VU: 549142\nCERT VU: 434566\nBugtraq ID: 8911\n", "modified": "2003-10-29T10:00:27", "published": "2003-10-29T10:00:27", "id": "OSVDB:7611", "href": "https://vulners.com/osvdb/OSVDB:7611", "title": "Apache HTTP Server mod_alias Local Overflow", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "edition": 1, "description": "## Vulnerability Description\nA local overflow exists in Apache. The mod_rewrite module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. 
With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.\n## Solution Description\nUpgrade to version 1.3.29 or higher or 2.0.48 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local overflow exists in Apache. The mod_rewrite module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.\n## References:\nVendor URL: http://httpd.apache.org/\nVendor Specific Solution URL: ftp://ftp.openpkg.org/release/1.2/UPD/\nVendor Specific Solution URL: ftp://ftp.openpkg.org/release/1.3/UPD/\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57496\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114145&rev=02\nVendor Specific Solution URL: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/\nVendor Specific Solution URL: ftp://atualizacoes.conectiva.com.br/\nVendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/\nVendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/\nVendor Specific Solution URL: http://httpd.apache.org/download.cgi\nVendor Specific Solution URL: http://www.mandrakesecure.net/en/ftp.php\nVendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113146&rev=03\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=61798)\n[Vendor Specific Advisory URL](http://www.apache.org/dist/httpd/Announcement.html)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/engarde_advisory-3759.html)\n[Vendor Specific Advisory 
URL](http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/misc/2003/TSL-2003-0041-apache.asc.txt)\n[Vendor Specific Advisory URL](http://www.linuxsecurity.com/advisories/immunix_advisory-3751.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2003-320.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2003-360.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2003-405.html)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1)\n[Vendor Specific Advisory URL](http://www.apache.org/dist/httpd/Announcement2.html)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2004-015.html)\n[Secunia Advisory ID:10096](https://secuniaresearch.flexerasoftware.com/advisories/10096/)\n[Secunia Advisory ID:17311](https://secuniaresearch.flexerasoftware.com/advisories/17311/)\n[Secunia Advisory ID:10845](https://secuniaresearch.flexerasoftware.com/advisories/10845/)\n[Related OSVDB ID: 7611](https://vulners.com/osvdb/OSVDB:7611)\nRedHat RHSA: RHSA-2005:816\nOther Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=106761802305141&w=2\nOther Advisory URL: http://www.securityfocus.com/archive/1/342674\n[Nessus Plugin ID:11915](https://vulners.com/search?query=pluginID:11915)\n[Nessus Plugin ID:13662](https://vulners.com/search?query=pluginID:13662)\n[Nessus Plugin ID:12450](https://vulners.com/search?query=pluginID:12450)\n[CVE-2003-0542](https://vulners.com/cve/CVE-2003-0542)\nCERT VU: 549142\nCERT VU: 434566\nBugtraq ID: 8911\n", "modified": "2003-10-29T10:00:27", "published": "2003-10-29T10:00:27", "id": "OSVDB:2733", "href": "https://vulners.com/osvdb/OSVDB:2733", "title": "Apache HTTP Server mod_rewrite Local Overflow", "type": "osvdb", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": 
"2018-08-31T11:10:12", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "description": "------------------------\r\nNetSec Security Advisory\r\n------------------------\r\n\r\nVULNERABILITY DETAILS\r\n\r\nName: Multiple Vulnerabilities Resulting From Use Of Apple OSX\r\nHFS+ \r\nImpact: HIGH\r\nPlatform: Apple OS X (Darwin) <= 10.2\r\nMethod: Possible unauthorized access to file system data\r\nIdentifier: 07012005-01\r\n\r\n\r\nFORWARD:\r\n\r\nIn December 2004, NetSec released details of a vulnerability impacting\r\nsoftware running on versions of Apple OS X version 10.2 and greater.\r\nUnder OS X, userland applications are presented with two interface\r\nmethods to an underlying legacy HFS+ file system: resource and data\r\nstreams. Access of the individual streams from a file browser or shell\r\napplication permits users with appropriate access rights to retrieve\r\ninformation from the data fork (content) or resource fork (resources). \r\n\r\nThe risk associated with any unauthorized file data disclosure to remote\r\nusers is often significant. This is because users may access the source\r\ncode of server-side interpreted scripts that may contain embedded\r\ndatabase credentials, specify known paths to sensitive files (shell\r\ncommand history files for example), retrieve hidden files, and otherwise\r\nretrieve arbitrary file content. All of these exploitation scenarios may\r\nbypass default server access controls, unless requests for the data and\r\nresource forks are trapped prior to request forwarding.\r\n\r\nSubsequent research and testing, conducted by NetSec revealed at least\r\none method to leverage this 'feature' of the legacy HFS+ driver in OS X:\r\nweb services. The default configuration of several web server\r\napplications does not adequately prevent remote access to these\r\nprotected file system resources. 
Testing of other network-enabled\r\napplications did not result in the identification of other vectors;\r\nhowever any server application that does not proactively filter requests\r\nfor local file system resources may expose underlying HFS+ file systems\r\nto unauthorized remote access.\r\n\r\nIn the initial design requirements for the HFS file system, exporting\r\ndata across the network using a minimal abstraction layer was not\r\nconsidered. The targeted use for Apple systems pre - OS X has largely\r\nbeen desktop publishing, graphics, and other multimedia services. NetSec\r\nconsiders the emergence of this disclosure vulnerability evidence of\r\n"growing pains" associated with the recent Apple platform migration to\r\nBerkeley Unix (BSD).\r\n\r\nThe HFS+ file system is not recommended for dedicated servers, but is\r\nrequired to support numerous legacy Macintosh applications. At the time\r\nof this technical advisory, NetSec strongly recommends that\r\norganizations with public Internet-facing Apple servers consider\r\nmigration to the Berkeley Fast File System (FFS/UFS) option available in\r\nOS X.\r\n\r\nThe purpose of this security advisory is to increase community awareness\r\nof potential risks associated with the Apple HFS+ file system as\r\nimplemented under OS X. It should be noted that NetSec exercises\r\nresponsible disclosure policy and has been in close contact with all\r\nsoftware vendors referenced herein. Specific examples should not be\r\ninterpreted as the full extent of affected server applications. Please\r\ncontact NetSec at info@netsec.net or reply to this message if you have\r\nany additional questions about this issue.\r\n\r\n\r\nSUMMARY:\r\n\r\nApple's HFS and HFS+ file systems allows two seperate data streams for\r\neach file, referred to as the "data fork" and "resource fork". The\r\nclassic MacOS operating systems and Carbon API on MacOS X provide\r\nseparate functions for opening and manipulating the data and resource\r\nforks. 
In MacOS X, however, support for addressing these seperate\r\nstreams has been integrated into the POSIX API. In MacOS X 10.2 and\r\nabove, opening the file by its pathname opens the data fork, but the\r\ndata fork or resource fork may also be opened for a given file by\r\nrespectively appending "/..namedfork/data" or "/..namedfork/rsrc" to the\r\npathname passed to the open(2) system call. In previous versions, they\r\nmay be addressed by appending the special pathnames "/.__Fork/data" or\r\n"/.__Fork/rsrc". The resource fork may also be opened in most versions\r\nof MacOS X by appending "/rsrc" to the file pathname. \r\n\r\nDue to this feature being available throughout the operating system, via\r\nthe POSIX API, it is therefore available to any software involved in the\r\nopening of file streams via the open() syscall, such as a web server\r\nopening an html or PHP file present on the Darwin servers file system. \r\n\r\nAs a result, server daemons, such as web servers which open file\r\nstreams, based on user controlled data, may be fooled into opening the\r\nrespective files resource and/or file fork rather than the absolute file\r\nname. This may allow users to view arbitrary data, such as the source\r\ncode of server interpreted documents (such as PHP and JSP files). \r\n\r\n\r\nIMPACT:\r\n\r\nRemote users may be able to view arbitrary file data, including the\r\nsource code of server side documents, such as PHP JSP documents. This\r\ndata may contain sensitive information such as database usernames and\r\npasswords and/or disclose vulnerabilities to an attacker which can then\r\nbe leveraged to further attack the respective web application. 
\r\n\r\nIt should be noted that this issue extends to any server software\r\nrunning on the Darwin operating system, which is involved in the opening\r\nof file streams, based on user input.\r\n\r\n\r\nVENDOR STATUS:\r\n\r\nNetSec have been in touch with several software vendors, whose products\r\nare affected by the OSX kernel feature.\r\n\r\n-------------------------------------\r\nApache Foundation (Apache Web Server)\r\n-------------------------------------\r\n\r\nThe Apache Foundations HTTPD server project is known to be vulnerable to\r\nthe issues resulting from the use of the Apple OSX HFS+ file system.\r\nUsers of OSX, who have not modified the default Apache configuration\r\nfile (httpd.conf) can install a mod_rewrite work around through\r\ninstalling the OSX update, made available by Apple in December 2004.\r\nSee: http://docs.info.apple.com/article.html?artnum=300422 for more\r\ninformation.\r\n\r\nUsers using Apache to serve files from an HFS+ file system, who have\r\nmodified the configuration file by hand (such as default users of OSX\r\n10, who have made changes to the Apache configuration) can add the\r\nfollowing mod_rewrite rule to their httpd.conf as a work-around to the\r\nissues inherent to the use of an HFS+ file system as a web root:\r\n\r\n<Files "rsrc">\r\n Order allow,deny\r\n Deny from all\r\n Satisfy All\r\n</Files>\r\n\r\n<DirectoryMatch ".*\.\.namedfork">\r\n Order allow,deny\r\n Deny from all\r\n Satisfy All\r\n</DirectoryMatch>\r\n\r\nThe above mod_rewrite rules, reflect those recommended by Apple, and\r\ninstalled by the Apple update, in cases where the Apache configuration\r\nfile has not been modified. 
\r\n\r\nPrior to the use of mod_rewrite, users of versions of Apache prior to\r\n1.3.29 should ensure that they are not vulnerable to the stack overflow\r\nconditions, as described in CAN-2003-0542.\r\n\r\n\r\n-------------------------\r\n4D (WebStar Web Server V)\r\n-------------------------\r\n\r\nVulnerable: 4D WebStar 5.3.4 and below.\r\n\r\n4D's WebStar web server was found to be vulnerable to the issues\r\nresulting from the use of the OSX HFS+ file system. 4D have acknowledged\r\nthe existence of the issue and have implemented a fix in the latest\r\nversion of their product.\r\n\r\nFurther fix information for WebStar's product is available at:\r\n\r\nhttp://www.4d.com/products/downloads_4dws.html\r\n\r\nand:\r\n\r\nftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/\r\nPDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/About_5.3.4_Web_Security_Update.pd\r\nf\r\n\r\n\r\n------------------------\r\nRoxen (Roxen Web Server)\r\n------------------------\r\n\r\nVulnerable: Roxen Web Server Version 4.0.172 and below.\r\n\r\nRoxen's freely available web server product was found to be vulnerable\r\nto the issues resulting from the use of the OSX HFS+ file system. Roxen\r\nhave acknowledged that the issues result in an exploitable condition and\r\nare currently working on a fix to in order to remedy the issues. Release\r\n4 of the web server software is due for release in mid-January 2005 and\r\nwill be available from: http://download.roxen.com/4.0/\r\n\r\n\r\n---------------------------------------\r\nRoxen (Roxen Content Management System)\r\n---------------------------------------\r\n\r\nVulnerable: Roxen Web Server Version 4.0 Release 3 and below.\r\n\r\nRoxens Content Management System (Roxen CMS), which is based around the\r\nfreely available Roxen web server, is also affected by the vulnerability\r\ncaused by the use of an OSX HFS+ file system. 
Research concluded that,\r\nalthough specific, customised applications running on Roxen CMS may be\r\naffected in a more severe manner, default configurations are not\r\nexploitable in the same manner in which these issues have been found to be\r\nexploitable on other web server suites (see technical information for\r\ndetails). This said, attempts to access HFS+ named fork files via the\r\nCMS interface result in an error being thrown by the CMS software, which\r\nmay cause the application to behave in an undesired manner. \r\n\r\nRoxen have also commented that (as previously discussed in this\r\nadvisory), because the HFS+ file system behaves in a\r\ncase-insensitive manner, remote users may also be able to access\r\nsensitive files through bypassing the case-sensitive access controls\r\nthat Roxen provides users with. Roxen have stated that a work around for\r\nthis issue will also be provided in release four of the CMS product.\r\n\r\nAs with the freely available Roxen web server, Roxen CMS 4, R4 will be\r\nmade available to customers by mid-January 2004. The fixed, trial\r\nversion of the Roxen CMS product will be made available from:\r\nhttp://www.4d.com/products/downloads_4dws.html\r\n\r\n\r\nTECHNICAL DETAIL:\r\n\r\nSide note:\r\n\r\nIt should be noted that NetSec will not release technical information\r\nuntil the point at which its responsible disclosure policy has been\r\nsatisfied and/or NetSec believes that sufficient technical and/or\r\nexploitation vector related information already exists within the public\r\ndomain. 
In the case of the issues described herein, both of the above\r\nwere found to be true.\r\n\r\nThe following extract of code is taken from the forkcomponent()\r\nfunction, which is part of the OSX HFS+ file system kernel module:\r\n\r\n/*\r\n * There are only 3 valid fork suffixes \r\n * "/..namedfork/rsrc"\r\n * "/..namedfork/data"\r\n * "/rsrc" (legacy)\r\n */\r\n\r\nAs you can see, the HFS+ file system implements three named file\r\nsystem forks, two of which pertain to the resource fork (suffixed with\r\nrsrc) and the third, pertaining to the file data named fork. Because of\r\nthe case-insensitivity of the HFS+ file system, these can be accessed in\r\na number of ways (such as /rsrc or /rSrC), hence, any programmatic\r\nchecks for attempts to access resource forks must also occur in a case\r\ninsensitive manner (via constructs such as tolower() for example).\r\n\r\nTwo attack impacts have been identified, through the above semantics of\r\nHFS+:\r\n\r\n1) Software may be tricked into misinterpreting files, through\r\naccessing their respective data stream directly, for example,\r\n/filename/..namedfork/data as opposed to /filename.\r\n\r\n2) Software, implementing an internal access control system may be\r\nbypassed through either implementing access controls in a case sensitive\r\nmanner (when HFS+ behaves case-insensitively) and/or accessing the file's\r\nrespective data stream directly. For example, a file access control\r\nsystem preventing access to /filename, may be bypassed through\r\nconstructing a request to /filename/..namedfork/data. 
Such is the case,\r\nwhen an attempt is made to access an Apache ".htaccess" file, via the\r\nrequest construct:\r\n\r\nGET /path/.htaccess/..namedfork/data HTTP/1.0\r\n\r\nWhere access to .htaccess files should otherwise be denied.\r\n\r\nAs noted above, the following http server suites have been tested to be\r\naffected by the HFS+ issues in this manner:\r\n\r\n4D (WebStar Web Server V)\r\nRoxen (Roxen Web Server)\r\nApache Foundation (Apache Web Server)\r\n\r\nAlthough Roxen's Content Management System (CMS) is largely based\r\naround the open source Roxen HTTP Server, it was not found to be\r\nvulnerable to the HFS+ arbitrary data access issue in this manner. This\r\nwas for the following reasons:\r\n\r\ni) By default, the CMS system will only permit access to files ending\r\nwith certain file extensions (such as .xml). Note: This can be bypassed\r\nthrough issuing requests to files using a null byte, such as\r\n/path/filename.forbidden/..namedfork/data%00.xml\r\n\r\nii) Prior to serving a file to a web client, the CMS interface will\r\nattempt to chdir() to the respective directory, containing the file\r\nrequested. In the case of a request to:\r\n\r\n/path/filename.xml/..namedfork/data\r\n\r\nthe CMS daemon will attempt to chdir() to the path:\r\n/path/filename.xml/..namedfork/ which of course will not exist.\r\nUnfortunately, the chdir() is the second of two operations which the CMS\r\nwill perform in order to serve the file, the first being a stat() of the\r\nrespective file to be served. Due to the stat() succeeding and the\r\nchdir() failing, an exception will be thrown by the CMS daemon. 
\r\n\r\nAlthough no obvious way exists to leverage this, such unexpected\r\nbehaviour may result in the manifestation of a security flaw in\r\ncustomised applications, running on the CMS.\r\n\r\nWhilst the more obvious attack vectors pertain to HTTP servers (as\r\nabove), it is important to note that HTTP servers are not the only group\r\nof server software which will be impacted by the use of the HFS+ file\r\nsystem on Apple OSX. In essence, any software attempting to access files\r\non an HFS+ file system may be affected in the two ways noted above. To\r\nthis end, developers should thoroughly test their software and analyse\r\nthe affects of attempts to access HFS+ named forks by either remote or\r\nlocal users. NetSec are aware of several non-http server daemons which\r\nare negatively impacted by the use of HFS+, but do not intend to release\r\ndetails, given that the respective software publishers have yet to\r\nremedy these issues. \r\n\r\n\r\nATTACK DETECTION:\r\n\r\nAs described above, flaws resulting from the HFS+ named fork issue can\r\nbe exploited through http servers to disclose the contents of files,\r\nintended for server-side interpretation, such as files intended for\r\ninterpretation by the hyper-text pre-processor - PHP. The following\r\nrequest may be made to a vulnerable web server, to disclose the\r\npotentially sensitive contents of "test.php":\r\n\r\nExpected behaviour:\r\n\r\n# curl http://127.0.0.1/path/test.php\r\nhello world<br>\r\n#\r\n\r\nExpected behaviour if vulnerable:\r\n\r\n# curl http://127.0.0.1/path/test.php/..namedfork/data\r\n<? 
print "hello world<br>\n"; ?>\r\n#\r\n\r\nTo this end, web logs will display a request for a file, similar to the\r\nfollowing:\r\n\r\na.b.c.d - - [02/Jan/2005:13:33:37 +0100] "GET\r\n/path/test.php/..namedfork/data HTTP/1.0" 200 <size>\r\n\r\nAs part of a comprehensive risk management strategy, NetSec recommends\r\nroutine evaluation of anomalous web application log entries to detect\r\nthese types of exploitation attempts. Customer security devices managed\r\nunder NetSec's Managed Security Services received custom signatures to\r\ndetect this attack as of mid-November 2004.\r\n\r\nPlease contact the NetSec Security Operations Center if you have any\r\nquestions regarding this security issue.\r\n--\r\nNetSec Security Operations Center\r\n\r\n13525 Dulles Technology Drive\r\nHerndon, VA 20171 \r\n866.444.6762 - Toll Free (North America) \r\n+001.703.561.9042 - Phone (International)\r\n+001.703.561.0426 - Fax\r\n\r\nCorporate Site: http://www.netsec.net\r\n\r\nManaged Security | Business Relevance", "edition": 1, "modified": "2005-02-17T00:00:00", "published": "2005-02-17T00:00:00", "id": "SECURITYVULNS:DOC:7849", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:7849", "title": "NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:09", "bulletinFamily": "software", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------\r\n Red Hat Security Advisory\r\n\r\nSynopsis: Updated httpd packages fix Apache security vulnerabilities\r\nAdvisory ID: RHSA-2003:320-01\r\nIssue date: 2003-12-16\r\nUpdated on: 2003-12-16\r\nProduct: Red Hat Linux\r\nKeywords: Apache httpd ASF\r\nCross references: \r\nObsoletes: \r\nCVE Names: CAN-2003-0542 
CAN-2003-0789\r\n- ---------------------------------------------------------------------\r\n\r\n1. Topic:\r\n\r\nUpdated httpd packages that fix two minor security issues in the Apache Web\r\nserver are now available for Red Hat Linux 8.0 and 9.\r\n\r\n2. Relevant releases/architectures:\r\n\r\nRed Hat Linux 8.0 - i386\r\nRed Hat Linux 9 - i386\r\n\r\n3. Problem description:\r\n\r\nThe Apache HTTP Server is a powerful, full-featured, efficient, and\r\nfreely-available Web server.\r\n\r\nAn issue in the handling of regular expressions from configuration files\r\nwas discovered in releases of the Apache HTTP Server version 2.0 prior to\r\n2.0.48. To exploit this issue an attacker would need to have the ability\r\nto write to Apache configuration files such as .htaccess or httpd.conf. A\r\ncarefully-crafted configuration file can cause an exploitable buffer\r\noverflow and would allow the attacker to execute arbitrary code in the\r\ncontext of the server (in default configurations as the 'apache' user).\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2003-0542 to this issue.\r\n\r\nA bug in the CGI daemon-based "mod_cgid" module was discovered that can\r\nresult in CGI script output being sent to the wrong client. This issue only\r\naffects Red Hat Linux 9, and only when the server is configured to use the\r\n"worker" MPM. The default configuration uses the "mod_cgi" module for CGI\r\nand is not affected by this issue. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2003-0789 to this issue.\r\n\r\nUsers of the Apache HTTP Server should upgrade to these erratum packages,\r\nwhich contain backported patches correcting these issues, and are applied\r\nto Apache version 2.0.40.\r\n\r\n4. 
Solution:\r\n\r\nBefore applying this update, make sure all previously released errata\r\nrelevant to your system have been applied.\r\n\r\nAfter the errata packages are installed, restart the HTTP service by\r\nrunning (as root) the following command:\r\n\r\n/sbin/service httpd restart\r\n\r\nTo update all RPMs for your particular architecture, run:\r\n\r\nrpm -Fvh [filenames]\r\n\r\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\r\nRPMs which are currently installed will be updated. Those RPMs which are\r\nnot installed but included in the list will not be updated. Note that you\r\ncan also use wildcards (*.rpm) if your current directory *only* contains the\r\ndesired RPMs.\r\n\r\nPlease note that this update is also available via Red Hat Network. Many\r\npeople find this an easier way to apply updates. To use Red Hat Network,\r\nlaunch the Red Hat Update Agent with the following command:\r\n\r\nup2date\r\n\r\nThis will start an interactive process that will result in the appropriate\r\nRPMs being upgraded on your system.\r\n\r\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \r\nErrors, you need to install a version of the up2date client with an updated \r\ncertificate. The latest version of up2date is available from the Red Hat \r\nFTP site and may also be downloaded directly from the RHN website:\r\n\r\nhttps://rhn.redhat.com/help/latest-up2date.pxt\r\n\r\n5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):\r\n\r\n103744 - slow-running CGI scripts are buffered too much\r\n103049 - httpd hung up reading /dev/random\r\n105725 - long httpd graceful reload times\r\n106454 - ProxyPass modifies http header removing Content-Length field\r\n106858 - SSL_EXPERIMENTAL is not defined in mod_ssl build\r\n\r\n6. 
RPMs required:\r\n\r\nRed Hat Linux 8.0:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/8.0/en/os/SRPMS/httpd-2.0.40-11.9.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.9.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.9.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.9.i386.rpm\r\nftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.9.i386.rpm\r\n\r\nRed Hat Linux 9:\r\n\r\nSRPMS:\r\nftp://updates.redhat.com/9/en/os/SRPMS/httpd-2.0.40-21.9.src.rpm\r\n\r\ni386:\r\nftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.9.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.9.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.9.i386.rpm\r\nftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.9.i386.rpm\r\n\r\n\r\n\r\n7. Verification:\r\n\r\nMD5 sum Package Name\r\n- --------------------------------------------------------------------------\r\n55ba88925f6bcd9c79aa52650781a9d4 8.0/en/os/SRPMS/httpd-2.0.40-11.9.src.rpm\r\nb5070c0ddb837ee47bb8524477bd408c 8.0/en/os/i386/httpd-2.0.40-11.9.i386.rpm\r\n6591a9b46af9c442ebdb01fc588415e7 8.0/en/os/i386/httpd-devel-2.0.40-11.9.i386.rpm\r\n48ecfd324a720282fb64fe40257913ba 8.0/en/os/i386/httpd-manual-2.0.40-11.9.i386.rpm\r\n5d9079c45da40c280d81c822a610e100 8.0/en/os/i386/mod_ssl-2.0.40-11.9.i386.rpm\r\nd86ba55ad68623c7c02e3574b6551ce9 9/en/os/SRPMS/httpd-2.0.40-21.9.src.rpm\r\na7de88418ebf6f90103aa9a4b6ac7e42 9/en/os/i386/httpd-2.0.40-21.9.i386.rpm\r\n5225c7633d500df965fadebda203dc08 9/en/os/i386/httpd-devel-2.0.40-21.9.i386.rpm\r\n973dd508450927beaa2c2ec51a8a8144 9/en/os/i386/httpd-manual-2.0.40-21.9.i386.rpm\r\n77484acc67a3fb1b8faf95eeed0166b1 9/en/os/i386/mod_ssl-2.0.40-21.9.i386.rpm\r\n\r\n\r\nThese packages are GPG signed by Red Hat for security. 
Our key is\r\navailable from https://www.redhat.com/security/keys.html\r\n\r\nYou can verify each package with the following command:\r\n \r\n rpm --checksig -v <filename>\r\n\r\nIf you only wish to verify that each package has not been corrupted or\r\ntampered with, examine only the md5sum with the following command:\r\n \r\n md5sum <filename>\r\n\r\n\r\n8. References:\r\n\r\nhttp://www.apacheweek.com/features/security-20.html\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789\r\n\r\n9. Contact:\r\n\r\nThe Red Hat security contact is <secalert@redhat.com>. More contact\r\ndetails at https://www.redhat.com/solutions/security/news/contact.html\r\n\r\nCopyright 2003 Red Hat, Inc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQE/333SXlSAg2UNWIIRAjMFAKDAMHdvckHsWNP2pP45R7EbedyD/wCgidTw\r\nq2l8sqzqGntdkyqbQla9fwA=\r\n=F8hG\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2003-12-17T00:00:00", "published": "2003-12-17T00:00:00", "id": "SECURITYVULNS:DOC:5539", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5539", "title": "[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:28", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0542"], "edition": 1, "description": "### Background\n\nThe Apache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute arbitrary code via a regular expression containing more than 9 captures. 
\n\n### Impact\n\nAn attacker may cause a denial of service or execute arbitrary code with the privileges of the user that is running apache. \n\n### Workaround\n\nThere is no known workaround at this time, other than to disable both mod_alias and mod_rewrite. \n\n### Resolution\n\nIt is recommended that all Gentoo Linux users who are running net-misc/apache 1.x upgrade: \n \n \n # emerge sync\n # emerge -pv apache\n # emerge '>=www-servers/apache-1.3.29'\n # emerge clean\n # /etc/init.d/apache restart", "modified": "2007-12-30T00:00:00", "published": "2003-10-28T00:00:00", "id": "GLSA-200310-03", "href": "https://security.gentoo.org/glsa/200310-03", "type": "gentoo", "title": "Apache: multiple buffer overflows", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "edition": 1, "description": "### Background\n\nThe Apache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute arbitrary code via a regular expression containing more than 9 captures, and a bug in the way mod_cgid handles CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used, resulting in an information disclosure. \n\n### Impact\n\nAn attacker may cause a denial of service or execute arbitrary code with the privileges of the user that is running apache. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nIt is recommended that all Gentoo Linux users who are running net-misc/apache 2.x upgrade: \n \n \n # emerge sync\n # emerge -pv '>=www-servers/apache-2.0.48'\n # emerge '>=www-servers/apache-2.0.48'\n # emerge clean\n # /etc/init.d/apache2 restart\n\nPlease remember to update your config files in /etc/apache2 as --datadir has been changed to /var/www/localhost.", "modified": "2007-12-30T00:00:00", "published": "2003-10-31T00:00:00", "id": "GLSA-200310-04", "href": "https://security.gentoo.org/glsa/200310-04", "type": "gentoo", "title": "Apache: buffer overflows and a possible information disclosure", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "description": "\n\nBy using a regular expression with more than 9 captures a buffer\noverflow can occur in mod_alias or mod_rewrite. To exploit this an\nattacker would need to be able to create a carefully crafted configuration\nfile (.htaccess or httpd.conf)\n\n", "edition": 1, "modified": "2003-10-27T00:00:00", "published": "2003-08-04T00:00:00", "id": "HTTPD:44DE1C11AB1C5F3355CD333F817BA9F3", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 1.3.29: Local configuration regular expression overflow", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "description": "\n\nBy using a regular expression with more than 9 captures a buffer\noverflow can occur in mod_alias or mod_rewrite. 
To exploit this an\nattacker would need to be able to create a carefully crafted configuration\nfile (.htaccess or httpd.conf)\n\n", "edition": 1, "modified": "2003-10-27T00:00:00", "published": "2003-08-04T00:00:00", "id": "HTTPD:BF91960D1C394323C3E60B7A1E3A9672", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.48: Local configuration regular expression overflow", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "description": "\n\nBy using a regular expression with more than 9 captures a buffer\noverflow can occur in mod_alias or mod_rewrite. To exploit this an\nattacker would need to be able to create a carefully crafted configuration\nfile (.htaccess or httpd.conf)\n\n", "edition": 5, "modified": "2003-10-27T00:00:00", "published": "2003-08-04T00:00:00", "id": "HTTPD:04E27235B076B98F9191AAA4AF148F2F", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Local configuration regular expression overflow", "type": "httpd", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:05:40", "description": "This update includes the latest stable release of Apache httpd 2.0,\nincluding a fix for the security issue CVE-2003-0542, a buffer\noverflow in the parsing of configuration files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-07-23T00:00:00", "title": "Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "modified": "2004-07-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "cpe:/o:fedoraproject:fedora_core:1", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "id": "FEDORA_2003-004.NASL", "href": "https://www.tenable.com/plugins/nessus/13662", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2003-004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13662);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2003-004\");\n\n script_name(english:\"Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest stable release of Apache httpd 2.0,\nincluding a fix for the security issue CVE-2003-0542, a buffer\noverflow in the parsing of configuration files.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-January/000034.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ac9ffa1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", cpu:\"i386\", reference:\"httpd-2.0.48-1.2\")) flag++;\nif (rpm_check(release:\"FC1\", cpu:\"i386\", reference:\"httpd-debuginfo-2.0.48-1.2\")) flag++;\nif (rpm_check(release:\"FC1\", cpu:\"i386\", reference:\"httpd-devel-2.0.48-1.2\")) flag++;\nif (rpm_check(release:\"FC1\", cpu:\"i386\", reference:\"httpd-manual-2.0.48-1.2\")) flag++;\nif (rpm_check(release:\"FC1\", cpu:\"i386\", reference:\"mod_ssl-2.0.48-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:20:49", "description": "The remote host appears to be running a version of the Apache web\nserver which is older than 1.3.29. Such versions are reportedly\naffected by local buffer overflow vulnerabilities in the mod_alias and\nmod_rewrite modules. An attacker could exploit these vulnerabilities\nto execute arbitrary code in the context of the affected application.\n\n*** Note that Nessus solely relied on the version number\n*** of the remote server to issue this warning. 
This might\n*** be a false positive", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-11-01T00:00:00", "title": "Apache < 1.3.29 Multiple Modules Local Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_1_3_29.NASL", "href": "https://www.tenable.com/plugins/nessus/11915", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11915);\n script_cve_id(\"CVE-2003-0542\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n\n script_bugtraq_id(8911);\n script_version(\"1.29\");\n \n script_xref(name:\"Secunia\", value:\"10096\");\n script_xref(name:\"Secunia\", value:\"10845\");\n script_xref(name:\"Secunia\", value:\"17311\");\n\n script_name(english:\"Apache < 1.3.29 Multiple Modules Local Overflow\");\n script_summary(english:\"Checks for version of Apache\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple local buffer overflow\nvulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of the Apache web\nserver which is older than 1.3.29. Such versions are reportedly\naffected by local buffer overflow vulnerabilities in the mod_alias and\nmod_rewrite modules. An attacker could exploit these vulnerabilities\nto execute arbitrary code in the context of the affected application.\n\n*** Note that Nessus solely relied on the version number\n*** of the remote server to issue this warning. 
This might\n*** be a false positive\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/342674/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache web server version 1.3.29 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/11/01\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/10/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n script_dependencie(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = 
get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\n\nif (version =~ '^1(\\\\.3)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^1\\\\.3' && ver_compare(ver:version, fix:'1.3.29') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version + \n '\\n Fixed version : 1.3.29\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:17", "description": "Updated httpd packages that fix two minor security issues in the\nApache Web server are now available for Red Hat Enterprise Linux 3.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration\nfiles was discovered in releases of the Apache HTTP Server version 2.0\nprior to 2.0.48. To exploit this issue an attacker would need to have\nthe ability to write to Apache configuration files such as .htaccess\nor httpd.conf. A carefully-crafted configuration file can cause an\nexploitable buffer overflow and would allow the attacker to execute\narbitrary code in the context of the server (in default configurations\nas the 'apache' user). 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0542 to this\nissue.\n\nUsers of the Apache HTTP Server should upgrade to these erratum\npackages, which contain backported patches correcting these issues,\nand are applied to Apache version 2.0.46. This update also includes\nfixes for a number of minor bugs found in this version of the Apache\nHTTP Server.", "edition": 28, "published": "2004-07-06T00:00:00", "title": "RHEL 3 : httpd (RHSA-2004:015)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "modified": "2004-07-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2004-015.NASL", "href": "https://www.tenable.com/plugins/nessus/12450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:015. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12450);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0542\");\n script_xref(name:\"RHSA\", value:\"2004:015\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2004:015)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two minor security issues in the\nApache Web server are now available for Red Hat Enterprise Linux 3.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration\nfiles was discovered in releases of the Apache HTTP Server version 2.0\nprior to 2.0.48. To exploit this issue an attacker would need to have\nthe ability to write to Apache configuration files such as .htaccess\nor httpd.conf. A carefully-crafted configuration file can cause an\nexploitable buffer overflow and would allow the attacker to execute\narbitrary code in the context of the server (in default configurations\nas the 'apache' user). The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0542 to this\nissue.\n\nUsers of the Apache HTTP Server should upgrade to these erratum\npackages, which contain backported patches correcting these issues,\nand are applied to Apache version 2.0.46. 
This update also includes\nfixes for a number of minor bugs found in this version of the Apache\nHTTP Server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:015\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:015\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-26.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-26.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:05:17", "description": "Updated Apache packages that fix a minor security issue are now\navailable for Red Hat Enterprise Linux.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration\nfiles was discovered in releases of the Apache HTTP Server version 1.3\nprior to 1.3.29. To exploit this issue an attacker would need to have\nthe ability to write to Apache configuration files such as .htaccess\nor httpd.conf. A carefully-crafted configuration file can cause an\nexploitable buffer overflow and would allow the attacker to execute\narbitrary code in the context of the server (in default configurations\nas the 'apache' user). 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0542 to this\nissue.\n\nThis update also includes an alternative version of the httpd binary\nwhich supports setting the MaxClients configuration directive to\nvalues above 256.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the\napplicable errata packages, which contain back-ported fixes correcting\nthe above security issue.\n\nNote that the instructions in the 'Solution' section of this errata\ncontain additional steps required to complete the upgrade process.", "edition": 28, "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : apache (RHSA-2003:360)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "modified": "2004-07-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:apache", "p-cpe:/a:redhat:enterprise_linux:apache-manual", "p-cpe:/a:redhat:enterprise_linux:apache-devel"], "id": "REDHAT-RHSA-2003-360.NASL", "href": "https://www.tenable.com/plugins/nessus/12435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:360. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12435);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0542\");\n script_xref(name:\"RHSA\", value:\"2003:360\");\n\n script_name(english:\"RHEL 2.1 : apache (RHSA-2003:360)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache packages that fix a minor security issue are now\navailable for Red Hat Enterprise Linux.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue in the handling of regular expressions from configuration\nfiles was discovered in releases of the Apache HTTP Server version 1.3\nprior to 1.3.29. To exploit this issue an attacker would need to have\nthe ability to write to Apache configuration files such as .htaccess\nor httpd.conf. A carefully-crafted configuration file can cause an\nexploitable buffer overflow and would allow the attacker to execute\narbitrary code in the context of the server (in default configurations\nas the 'apache' user). 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2003-0542 to this\nissue.\n\nThis update also includes an alternative version of the httpd binary\nwhich supports setting the MaxClients configuration directive to\nvalues above 256.\n\nAll users of the Apache HTTP Web Server are advised to upgrade to the\napplicable errata packages, which contain back-ported fixes correcting\nthe above security issue.\n\nNote that the instructions in the 'Solution' section of this errata\ncontain additional steps required to complete the upgrade process.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:360\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apache, apache-devel and / or apache-manual\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:360\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-1.3.27-6.ent\")) flag++;\n if 
(rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-6.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-manual-1.3.27-6.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-devel / apache-manual\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:14", "description": "Apache httpd is a hypertext transfer protocol server, and is used by\nover two thirds of the Internet's web sites. Upgraded Apache packages\nare available for Slackware 8.1, 9.0, 9.1, and -current. These fix\nlocal vulnerabilities that could allow users who can create or edit\nApache config files to gain additional privileges. Sites running\nApache should upgrade to the new packages. In addition, new mod_ssl\npackages have been prepared for all platforms, and new PHP packages\nhave been prepared for Slackware 8.1, 9.0, and - -current (9.1 already\nuses PHP 4.3.3). In -current, these packages also move the Apache\nmodule directory from /usr/libexec to /usr/libexec/apache. 
Links for\nall of these related packages are provided below.", "edition": 24, "published": "2005-07-13T00:00:00", "title": "Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "modified": "2005-07-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:apache", "p-cpe:/a:slackware:slackware_linux:mod_ssl"], "id": "SLACKWARE_SSA_2003-308-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2003-308-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18742);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0542\");\n script_xref(name:\"SSA\", value:\"2003-308-01\");\n\n script_name(english:\"Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache httpd is a hypertext transfer protocol server, and is used by\nover two thirds of the Internet's web sites. Upgraded Apache packages\nare available for Slackware 8.1, 9.0, 9.1, and -current. These fix\nlocal vulnerabilities that could allow users who can create or edit\nApache config files to gain additional privileges. 
Sites running\nApache should upgrade to the new packages. In addition, new mod_ssl\npackages have been prepared for all platforms, and new PHP packages\nhave been prepared for Slackware 8.1, 9.0, and - -current (9.1 already\nuses PHP 4.3.3). In -current, these packages also move the Apache\nmodule directory from /usr/libexec to /usr/libexec/apache. Links for\nall of these related packages are provided below.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.559833\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c39b7c6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache, mod_ssl and / or php packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.16_1.3.29\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"php\", pkgver:\"4.3.3\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.16_1.3.29\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"php\", pkgver:\"4.3.3\", pkgarch:\"i386\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.16_1.3.29\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"mod_ssl\", pkgver:\"2.8.16_1.3.29\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"php\", 
pkgver:\"4.3.3\", pkgarch:\"i486\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:20", "description": "A buffer overflow in mod_alias and mod_rewrite was discovered in\nApache versions 1.3.19 and earlier as well as Apache 2.0.47 and\nearlier. This happens when a regular expression with more than 9\ncaptures is confined. An attacker would have to create a carefully\ncrafted configuration file (.htaccess or httpd.conf) in order to\nexploit these problems.\n\nAs well, another buffer overflow in Apache 2.0.47 and earlier in\nmod_cgid's mishandling of CGI redirect paths could result in CGI\noutput going to the wrong client when a threaded MPM is used.\n\nApache version 2.0.48 and 1.3.29 were released upstream to correct\nthese bugs; backported patches have been applied to the provided\npackages.", "edition": 25, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : apache (MDKSA-2003:103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "modified": "2004-07-31T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-modules", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-common", "p-cpe:/a:mandriva:linux:apache2-manual", 
"p-cpe:/a:mandriva:linux:apache-manual", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:apache-source", "p-cpe:/a:mandriva:linux:libapr0", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-source", "p-cpe:/a:mandriva:linux:apache"], "id": "MANDRAKE_MDKSA-2003-103.NASL", "href": "https://www.tenable.com/plugins/nessus/14085", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:103. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14085);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0542\", \"CVE-2003-0789\");\n script_xref(name:\"MDKSA\", value:\"2003:103\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache (MDKSA-2003:103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow in mod_alias and mod_rewrite was discovered in\nApache versions 1.3.19 and earlier as well as Apache 2.0.47 and\nearlier. This happens when a regular expression with more than 9\ncaptures is confined. 
An attacker would have to create a carefully\ncrafted configuration file (.htaccess or httpd.conf) in order to\nexploit these problems.\n\nAs well, another buffer overflow in Apache 2.0.47 and earlier in\nmod_cgid's mishandling of CGI redirect paths could result in CGI\noutput going to the wrong client when a threaded MPM is used.\n\nApache version 2.0.48 and 1.3.29 were released upstream to correct\nthese bugs; backported patches have been applied to the provided\npackages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/Announcement.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/Announcement2.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-common-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-devel-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-manual-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-modules-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"apache-source-1.3.26-6.3.90mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-1.3.27-8.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-8.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-modules-1.3.27-8.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-source-1.3.27-8.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-common-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif 
(rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-devel-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-manual-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_dav-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ldap-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ssl-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-modules-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-source-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libapr0-2.0.47-1.6.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache-1.3.28-3.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache-devel-1.3.28-3.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache-modules-1.3.28-3.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache-source-1.3.28-3.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-common-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-devel-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-manual-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_cache-2.0.47-6.3.92mdk\", yank:\"mdk\")) 
flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_dav-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_deflate-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_disk_cache-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_file_cache-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_ldap-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_mem_cache-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_proxy-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-mod_ssl-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-modules-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"apache2-source-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libapr0-2.0.47-6.3.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:20:49", "description": "The remote host appears to be running a version of Apache 2.0.x prior\nto 2.0.48. 
It is, therefore, affected by multiple vulnerabilities :\n\n - The mod_rewrite and mod_alias modules fail to handle\n regular expressions containing more than 9 captures\n resulting in a buffer overflow.\n\n - A vulnerability may occur in the mod_cgid module caused\n by the mishandling of CGI redirect paths. This could\n cause Apache to send the output of a CGI program to the\n wrong client.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2003-09-26T00:00:00", "title": "Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_0_48.NASL", "href": "https://www.tenable.com/plugins/nessus/11853", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11853);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2003-0789\", \"CVE-2003-0542\");\n script_bugtraq_id(8926);\n script_xref(name:\"Secunia\", value:\"10096\");\n script_xref(name:\"Secunia\", value:\"10845\");\n script_xref(name:\"Secunia\", value:\"17311\");\n\n script_name(english:\"Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)\");\n script_summary(english:\"Checks for version of Apache.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of Apache 2.0.x prior\nto 2.0.48. 
It is, therefore, affected by multiple vulnerabilities :\n\n - The mod_rewrite and mod_alias modules fail to handle\n regular expressions containing more than 9 captures\n resulting in a buffer overflow.\n\n - A vulnerability may occur in the mod_cgid module caused\n by the mishandling of CGI redirect paths. This could\n cause Apache to send the output of a CGI program to the\n wrong client.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/342674/30/0/threaded\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache web server version 2.0.48 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/09/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/10/29\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts 
here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.0)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.0' && ver_compare(ver:version, fix:'2.0.48') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.48\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:01:31", "description": "SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10", "edition": 22, "published": "2004-07-12T00:00:00", "title": "Solaris 9 (sparc) : 113146-13", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0987", "CVE-2007-1349", 
"CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2003-0020", "CVE-2003-0542"], "modified": "2004-07-12T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_113146.NASL", "href": "https://www.tenable.com/plugins/nessus/13530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13530);\n script_version(\"1.41\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 9 (sparc) : 113146-13\");\n script_summary(english:\"Check for patch 113146-13\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 113146-13\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1021709.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable 
Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:01:28", "description": "SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08", "edition": 22, "published": "2004-10-17T00:00:00", "title": "Solaris 8 (x86) : 116974-07", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0987", "CVE-2007-1349", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2003-0020", "CVE-2003-0542"], "modified": "2004-10-17T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_116974.NASL", "href": "https://www.tenable.com/plugins/nessus/15483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15483);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (x86) : 116974-07\");\n script_summary(english:\"Check for patch 116974-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116974-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116974-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:01:23", "description": "SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08", "edition": 22, "published": "2004-10-17T00:00:00", "title": "Solaris 8 (sparc) : 116973-07", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0987", "CVE-2007-1349", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2003-0020", "CVE-2003-0542"], "modified": "2004-10-17T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_116973.NASL", "href": "https://www.tenable.com/plugins/nessus/15482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15482);\n 
script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (sparc) : 116973-07\");\n script_summary(english:\"Check for patch 116973-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116973-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116973-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchu\", 
version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2016-09-26T17:23:30", "bulletinFamily": "software", "cvelist": ["CVE-2003-0542"], "edition": 1, "description": "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.\n\nAlthough the Configuration utility for F5 Networks products is based on Apache, these products do not provide a way to configure the system to exploit this Apache vulnerability.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>\n", "modified": "2016-07-25T00:00:00", "published": "2007-05-16T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/3000/100/sol3144.html", "id": "SOL3144", "title": "SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-01T00:21:19", "bulletinFamily": "software", "cvelist": 
["CVE-2003-0542"], "description": "", "edition": 1, "modified": "2017-10-03T01:56:00", "published": "2007-05-17T04:00:00", "id": "F5:K3144", "href": "https://support.f5.com/csp/article/K3144", "title": "Apache mod_alias buffer overflow vulnerability CAN-2003-0542", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200310-03.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54498", "href": "http://plugins.openvas.org/nasl.php?oid=54498", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200310-03 (Apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple stack-based buffer overflows in mod_alias and mod_rewrite can\nallow execution of arbitrary code and cause a denial of service.\";\ntag_solution = \"It is recommended that all Gentoo Linux users who are running\nnet-misc/apache 1.x upgrade:\n\n # emerge sync\n # emerge -pv apache\n # emerge '>=net-www/apache-1.3.29'\n # emerge clean\n # /etc/init.d/apache restart\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200310-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=32194\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200310-03.\";\n\n \n\nif(description)\n{\n script_id(54498);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(9504, 8911);\n script_cve_id(\"CVE-2003-0542\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200310-03 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 1.3.29\"), vulnerable: make_list(\"lt 1.3.29\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0542"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2003-308-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053878", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053878", "type": "openvas", "title": "Slackware Advisory SSA:2003-308-01 apache security update", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2003_308_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53878\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_bugtraq_id(9504, 8911);\n script_cve_id(\"CVE-2003-0542\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2003-308-01 apache security update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2003-308-01\");\n\n script_tag(name:\"insight\", value:\"Apache httpd is a hypertext transfer protocol server, and is used\nby over two thirds of the Internet's web sites.\n\nUpgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,\nand -current. These fix local vulnerabilities that could allow users\nwho can create or edit Apache config files to gain additional\nprivileges. Sites running Apache should upgrade to the new packages.\n\nIn addition, new mod_ssl packages have been prepared for all platforms,\nand new PHP packages have been prepared for Slackware 8.1, 9.0, and\n\n - -current (9.1 already uses PHP 4.3.3). In -current, these packages\nalso move the Apache module directory from /usr/libexec to\n/usr/libexec/apache. 
Links for all of these related packages are\nprovided below.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2003-308-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i386-1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"4.3.3-i386-1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"php\", ver:\"4.3.3-i386-1\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.16_1.3.29-i486-1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "description": "Check for the Version of Apache mod_cgid", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835103", "href": "http://plugins.openvas.org/nasl.php?oid=835103", "type": "openvas", "title": "HP-UX Update for Apache mod_cgid HPSBUX00301", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache mod_cgid HPSBUX00301\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Denial of Service (DoS) or Potential Execution of Arbitrary Code\";\ntag_affected = \"Apache mod_cgid on\n HP-UX B.11.00, B.11.11, B.11.20, B.11.22 and B.11.23 running the \n hpuxwsAPACHE HP-UX Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache with mod_cgid, mod_alias or mod_rewrite. 
The vulnerability could be \n exploited to allow Denial of Service (DoS) or Potential Execution of \n Arbitrary Code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912060-1\");\n script_id(835103);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00301\");\n script_cve_id(\"CVE-2003-0789\", \"CVE-2003-0542\");\n script_name( \"HP-UX Update for Apache mod_cgid HPSBUX00301\");\n\n script_summary(\"Check for the Version of Apache mod_cgid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "description": "Check for the Version of Apache mod_cgid", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835103", "type": "openvas", "title": "HP-UX Update for Apache mod_cgid HPSBUX00301", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache mod_cgid HPSBUX00301\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Denial of Service (DoS) or Potential Execution of Arbitrary Code\";\ntag_affected = \"Apache mod_cgid on\n HP-UX B.11.00, B.11.11, B.11.20, B.11.22 and B.11.23 running the \n hpuxwsAPACHE HP-UX Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache with mod_cgid, mod_alias or mod_rewrite. The vulnerability could be \n exploited to allow Denial of Service (DoS) or Potential Execution of \n Arbitrary Code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912060-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835103\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"00301\");\n script_cve_id(\"CVE-2003-0789\", \"CVE-2003-0542\");\n script_name( \"HP-UX Update for Apache mod_cgid HPSBUX00301\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache mod_cgid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone 
Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.1.0.10.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:23", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2003-0789", "CVE-2003-0542"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200310-04.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54499", "href": "http://plugins.openvas.org/nasl.php?oid=54499", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200310-04 (Apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple stack-based buffer overflows in mod_alias and mod_rewrite can\nallow execution of arbitrary code and cause a denial of service, and a bug\nin the way mod_cgid handles CGI redirect paths could result in CGI output\ngoing to the wrong client.\";\ntag_solution = \"It is recommended that all Gentoo Linux users who are running\nnet-misc/apache 2.x upgrade:\n\n # emerge sync\n # emerge -pv '>=net-www/apache-2.0.48'\n # emerge '>=net-www/apache-2.0.48'\n # emerge clean\n # /etc/init.d/apache2 restart\n\nPlease remember to update your config files in /etc/apache2 as --datadir\nhas been changed to /var/www/localhost.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200310-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=32271\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200310-04.\";\n\n \n\nif(description)\n{\n script_id(54499);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2003-0789\", \"CVE-2003-0542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200310-04 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.48\", \"lt 2.0\"), vulnerable: make_list(\"lt 2.0.48\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:43:55", "bulletinFamily": "info", "cvelist": ["CVE-2003-0542", "CVE-2003-0789"], "description": "### Overview \n\nA vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances.\n\n### Description \n\nThe [Apache HTTP server](<http://httpd.apache.org/>) distribution includes a number of supplemental [modules](<http://httpd.apache.org/docs/mod/>) that provide additional functionality to the web server. One of these modules, [`mod_alias`](<http://httpd.apache.org/docs/mod/mod_alias.html>), provides for mapping different parts of the host filesystem into the document tree and for URL redirection. Several of the `mod_alias` directives can use regular expressions rather than simple prefix matches. 
A buffer overflow has been discovered in the way that `mod_alias` handles regular expressions containing more than 9 captures (stored strings matching a particular pattern). This flaw results in a remotely exploitable vulnerability on web servers that specify such a regular expression to the `mod_alias` module in their configuration files. \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of the web server user (e.g., \"`apache`\", \"`httpd`\", \"`nobody`\", etc.). The attacker would have to have the ability to supply a specially crafted configuration file (e.g., `.htaccess` or `httpd.conf`) to the Apache server in order to mount this attack. \n \n--- \n \n### Solution \n\n**Apply a patch from the vendor**\n\nPatches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details. \n \n--- \n \n**Workarounds**\n\n \nDisable `mod_alias` if it is not required in your web server configuration. Instructions for doing this can be found in the [Apache HTTP Server documentation](<http://httpd.apache.org/docs/>). Sites, particularly those that are not able to apply the patches, are encouraged to consider implementing this workaround. \n \n--- \n \n### Vendor Information\n\n549142\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apache Software Foundation __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe [Apache Software Foundation](<http://www.apache.org/>) has released versions 1.3.29 and 2.0.48 of the Apache httpd server in response to this issue. 
These patched versions of the software are available at:\n\n \n<<http://www.apache.org/dist/httpd/>> \nBecause this software is commonly repackaged by third-party vendors, users are encouraged to review the Systems Affected section of VU#434566 first to determine whether their vendor has produced an update for their systems. \n \nUsers who compile the Apache httpd software from source code are encouraged to upgrade to one of the patched versions listed above (or newer). Users are also encouraged to verify the PGP signatures on the software distribution before compiling and installing it on their systems. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Conectiva __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n`- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- --------------------------------------------------------------------------` \n \n`PACKAGE : apache \nSUMMARY : Fix for some vulnerabilities \nDATE : 2003-11-05 19:18:00 \nID : CLA-2003:775 \nRELEVANT \nRELEASES : 7.0, 8, 9` \n \n`- -------------------------------------------------------------------------` \n \n`DESCRIPTION \nApache[1] is the most popular webserver in use today. \n \nNew versions of the Apache web server have been made available[2][3] \nwith the following security fixes: \n \n1. Buffer overflow in mod_alias and mod_rewrite (CAN-2003-0542) [4] \nA buffer overflow could occur in mod_alias and mod_rewrite when a \nregular expression with more than 9 captures is configured. Users who \ncan create or modify configuration files (httpd.conf or .htaccess, \nfor example) could trigger this. This vulnerability affects Apache \n1.3.x and Apache 2.0.x. \n \n2. 
mod_cgid mishandling of CGI redirect paths (CAN-2003-0789) [5] \nmod_cgid mishandling of CGI redirect paths could result in CGI output \ngoing to the wrong client when a threaded MPM is used. The packages \nprovided with Conectiva Linux 9 are not vulnerable to this issue \nbecause they are not compiled with that MPM, but the fix has been \nincluded because new packages for Conectiva Linux 9 were already \nbeing built for the suexec problem (see below). \n \nIn addition to the above security fixes, \"suexec\" has been correctly` \n` built in the Conectiva Linux 9 packages, fixing[6] the problem where \nCGI scripts could not be run from the user's home directory.` \n \n \n`SOLUTION \nIt is recommended that all Apache users upgrade their packages. \n \nIMPORTANT: it is necessary to manually restart the httpd server after \nupgrading the packages. In order to do this, execute the following as \nroot: \n \nservice httpd stop \n \n(wait a few seconds and check with \"pidof httpd\" if there are any \nhttpd processes running. On a busy webserver this could take a little \nlonger) \n \nservice httpd start \n \n \nREFERENCES \n1. <http://apache.httpd.org/> \n2. <http://www.apache.org/dist/httpd/Announcement2.html> \n3. <http://www.apache.org/dist/httpd/Announcement.html> \n4. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542> \n5. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789> \n6. 
<http://bugzilla.conectiva.com.br/show_bug.cgi?id=8754> (pt_BR only)` \n \n \n`UPDATED PACKAGES \n<ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.28-1U70_2cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/SRPMS/apache-1.3.28-1U80_2cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-devel-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-doc-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_5cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_5cl.i386.rpm>` \n`<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_5cl.i386.rpm>` \n \n \n`ADDITIONAL INSTRUCTIONS \nThe apt tool can be used to perform RPM packages upgrades:` \n \n` - run: apt-get update \n- after that, execute: apt-get upgrade` \n \n` Detailed instructions reagarding the use of apt and upgrade examples \ncan be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>` \n \n`- 
------------------------------------------------------------------------- \nAll packages are signed with Conectiva's GPG key. The key and instructions \non how to import it can be found at \n<http://distro.conectiva.com.br/seguranca/chave/?idioma=en> \nInstructions on how to check the signatures of the RPM packages can be \nfound at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n<http://distro.conectiva.com.br/atualizacoes/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nCopyright (c) 2003 Conectiva Inc. \n<http://www.conectiva.com>` \n \n`- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`iD8DBQE/qWk/42jd0JmAcZARAkF2AJsGfA3n7v7l8f4A8ik+Ao6uqB9NYACfZnQ4 \nqf3SjmMxGkqRYyXuBBragEE= \n=zsxK \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n \n`- --------------------------------------------------------------------------- \nGENTOO LINUX SECURITY ANNOUNCEMENT 200310-03 \n- ---------------------------------------------------------------------------` \n \n` PACKAGE : 
net-www/apache \nSUMMARY : buffer overflow \nDATE : Tue Oct 28 16:43:46 UTC 2003 \nEXPLOIT : local \nVERSIONS AFFECTED : <apache-1.3.29 \nFIXED VERSION : >=apache-1.3.29 \nCVE : CAN-2003-0542 (under review at time of GLSA)` \n \n`- ---------------------------------------------------------------------------` \n \n`Quote from <<http://httpd.apache.org/dev/dist/Announcement>>:` \n \n` This version of Apache is principally a bug and security fix release. \nA partial summary of the bug fixes is given at the end of this document. \nA full listing of changes can be found in the CHANGES file. Of \nparticular note is that 1.3.29 addresses and fixes 1 potential \nsecurity issue:` \n \n` o CAN-2003-0542 (cve.mitre.org) \nFix buffer overflows in mod_alias and mod_rewrite which occurred if \none configured a regular expression with more than 9 captures.` \n \n` We consider Apache 1.3.29 to be the best version of Apache 1.3 available \nand we strongly recommend that users of older versions, especially of \nthe 1.1.x and 1.2.x family, upgrade as soon as possible. No further \nreleases will be made in the 1.2.x family.` \n \n \n`SOLUTION` \n \n`It is recommended that all Gentoo Linux users who are running \nnet-misc/apache 1.x upgrade:` \n \n`emerge sync \nemerge -pv apache \nemerge '>=net-www/apache-1.3.29' \nemerge clean \n/etc/init.d/apache restart` \n \n \n`// end` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (Darwin)` \n \n`iD8DBQE/vGZWnt0v0zAqOHYRAnnUAKCf7j5ZciPl2A/lfT2G6re9L0ZjugCfQGYk \nRyV+5R/BFsdAzsMYZp9dT8A= \n=ym4e \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Guardian Digital Inc. 
__ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nGuardian Digital, Inc. has released Guardian Digital Security Advisory [ESA-20031105-030](<http://www.linuxsecurity.com/advisories/engarde_advisory-3759.html>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n` ----------------------------------------------------------------- \n**REVISED 01** \nSource: HEWLETT-PACKARD COMPANY \nSECURITY BULLETIN: HPSBUX0311-301 \nOriginally issued: 18 November 2003 \nLast revised: 19 November 2003 \nSSRT3663 Apache HTTP Server mod_cgid, mod_alias, mod_rewrite \n----------------------------------------------------------------- \nNOTICE: There are no restrictions for distribution of this \nBulletin provided that it remains complete and intact.` \n \n`The information in the following Security Bulletin should be \nacted upon as soon as possible. Hewlett-Packard Company will \nnot be liable for any consequences to any customer resulting \nfrom customer's failure to fully implement instructions in this \nSecurity Bulletin as soon as possible.` \n \n` ----------------------------------------------------------------- \nPROBLEM: 1. 
mod_cgid mishandling of CGI redirect paths could \nresult in CGI output going to the wrong client when a \nthreaded MPM is used.` \n \n` More details are available at: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789>` \n \n` 2. A buffer overflow could occur in mod_alias and \nmod_rewrite when a regular expression with more than \n9 captures is configured.` \n \n` More details are available at: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>` \n \n \n`IMPACT: Potential Denial of Service or execute arbitrary code.` \n \n`PLATFORM: HP9000 Servers running HP-UX release B.11.00, B.11.11, \nB.11.20, B.11.22, and B.11.23 with versions of the \nfollowing products are affected, and represented as: \nproduct-name, version (product-tag/bundle-tag)` \n \n` product-name, version (product-tag/bundle-tag)` \n \n` - hp apache-based web server, 2.0.43.04 \nor earlier (HPApache/B9416AA) \nThis product includes Apache 2.0.43.` \n \n` - hp-ux apache-based web server, v.1.0.09.01 \nor earlier (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.47.` \n \n` - hp apache-based web server (with IPv6 support), \n2.0.43.04 or earlier (HPApache/B9416BA) \nThis product includes Apache 2.0.43.` \n \n` - hp-ux apache-based web server(with IPv6 support), \nv.1.0.09.01 or earlier (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.47.` \n \n`SOLUTION: For HP-UX releases B.11.00, B.11.11, B.11.20, B.11.22 \nand B.11.23 download new HP Apache product from \n<http://www.software.hp.com/:>` \n \n` For HPApache/B9416AA, HPApache/B9416BA and \nhpuxwsAPACHE/hpuxwsApache download the following:` \n \n` - hp-ux apache-based web server (with IPv4) \nv.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.48. 
\n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/> \ncgi/displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n` - hp-ux apache-based web server(with IPv6 support), \nv.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.48. \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/> \ncgi/displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n \n`MANUAL ACTIONS: Yes - Non-Update \nInstall the product containing the fix. \nFor customers with HPApache/B9416AA \nHPApache/B9416BA installed, the fix requires \nmigration to hpuxwsAPACHE/hpuxwsApache and \nremoving the affected products from the system.` \n \n`AVAILABILITY: Complete product bundles are available now on \n<<http://www.software.hp.com/>>` \n \n`CHANGE SUMMARY: Rev. 01 Corrected typo in version number \n----------------------------------------------------------------- \n**REVISED 01** \nA. Background \nThe Common Vulnerabilities and Exposures project \n<<http://cve.mitre.org/>> has identified potential \nvulnerabilities in the Apache HTTP Server (CAN-2003-0789, and \nCAN-2003-0542). It affects the following HP product \nnumbers/versions on HP-UX releases B.11.00, B.11.11, B.11.20, \nB.11.22, and B.11.23:` \n \n` - hp apache-based web server, 2.0.43.04 or earlier \n(HPApache/B9416AA)` \n \n` - hp-ux apache-based web server, v.1.0.09.01 or earlier \n(hpuxwsAPACHE/hpuxwsApache)` \n \n` - hp apache-based web server, 2.0.43.04 (with IPv6 support) \nor earlier (HPApache/B9416BA)` \n \n` - hp-ux apache-based web server (with IPv6 support), \nv.1.0.09.01 or earlier (hpuxwsAPACHE/hpuxwsApache)` \n \n` AFFECTED VERSIONS` \n \n` The following is a list of affected filesets or patches \nand fix information. 
To determine if a system has an \naffected version, search the output of \n\"swlist -a revision -l fileset\" for an affected fileset \nor patch, then determine if a fixed revision or applicable \npatch is installed.` \n \n` HP-UX B.11.00 \nHP-UX B.11.11 \nHP-UX B.11.20 \nHP-UX B.11.22 \nHP-UX B.11.23 \n==================================== \nHPApache.APACHE2 \nhpuxwsAPACHE.APACHE2 \n--->> fix: install hp-ux apache-based web server, v.1.0.10.01 \nor later.` \n \n` END AFFECTED VERSIONS` \n \n`B. Recommended solution \nThe Apache Software Foundation has released Apache 2.0.48 as \nthe best known version that fixes the problems identified in \nthe above mentioned issues.` \n \n` For customers using HPApache/B9416AA HPApache/B9416BA and \nhpuxwsAPACHE/hpuxwsApache, HP has incorporated Apache 2.0.48 \nin the following product: \n- hp-ux apache-based web server v.1.0.10.01 or later \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n \n` Check for Apache Installation \n----------------------------- \nTo determine if the Apache web server from HP is installed on \nyour system, use Software Distributor's swlist command. All \nthree versions products may co-exist on a single system.` \n \n` For example, the results of the command \nswlist -l product | grep -i apache` \n \n` HPApache 2.0.39.01.02 HP Apache-based Web Server \nhpuxwsAPACHE A.1.0.09.01 HP-UX Apache-based Web Server` \n \n` Stop Apache \n----------------------------- \nBefore updating, make sure to stop any previous Apache binary. 
\nOtherwise, the previous binary will continue running, \npreventing the new one from starting, although the installation \nwould be successful.` \n \n` After determining which Apache is installed, stop Apache with \nthe following commands:` \n \n` for HPApache: /opt/hpapache2/bin/apachectl stop \nfor hpuxwsAPACHE: /opt/hpws/apache/bin/apachectl stop` \n \n` Download and Install Apache \n----------------------------- \n- Download Apache from Software Depot using the previously \nmentioned links. \n- Verify successful download by comparing the cksum with the \nvalue specified on the installation web page. \n- Use SD to swinstall the depot. \n- For customers with HPApache/B9416BA installed, migrate to \nhpuxwsAPACHE/hpuxwsApache and remove the affected products \nfrom the system.` \n \n` Installation of this new version of HP Apache over an existing \nHP Apache installation is supported, while installation over a \nnon-HP Apache is NOT supported.` \n \n` Removing Apache Installation \n---------------------------- \nIf you rather remove Apache from your system than install a \nnewer version to resolve the security problem, use both \nSoftware Distributor's \"swremove\" command and also \"rm -rf\" the \nhome location as specified in the rc.config.d file \"HOME\" \nvariables.` \n \n` To find the files containing HOME variables in the \n/etc/rc.config.d directory:` \n \n` %ls /etc/rc.config.d | grep apache \nhpapache2conf \nhpws_apacheconf` \n \n`C. To subscribe to automatically receive future NEW HP Security \nBulletins from the HP IT Resource Center via electronic \nmail, do the following:` \n \n` Use your browser to get to the HP IT Resource Center page \nat:` \n \n` <http://itrc.hp.com>` \n \n` Use the 'Login' tab at the left side of the screen to login \nusing your ID and password. Use your existing login or the \n\"Register\" button at the left to create a login, in order to \ngain access to many areas of the ITRC. 
Remember to save the \nUser ID assigned to you, and your password.` \n \n` In the left most frame select \"Maintenance and Support\".` \n \n` Under the \"Notifications\" section (near the bottom of \nthe page), select \"Support Information Digests\".` \n \n` To -subscribe- to future HP Security Bulletins or other \nTechnical Digests, click the check box (in the left column) \nfor the appropriate digest and then click the \"Update \nSubscriptions\" button at the bottom of the page.` \n \n` or` \n \n` To -review- bulletins already released, select the link \n(in the middle column) for the appropriate digest.` \n \n` NOTE: Using your itrc account security bulletins can be \nfound here: \n<http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin>` \n \n \n` To -gain access- to the Security Patch Matrix, select \nthe link for \"The Security Bulletins Archive\". (near the \nbottom of the page) Once in the archive the third link is \nto the current Security Patch Matrix. Updated daily, this \nmatrix categorizes security patches by platform/OS release, \nand by bulletin topic. Security Patch Check completely \nautomates the process of reviewing the patch matrix for \n11.XX systems. Please note that installing the patches \nlisted in the Security Patch Matrix will completely \nimplement a security bulletin _only_ if the MANUAL ACTIONS \nfield specifies \"No.\"` \n \n` The Security Patch Check tool can verify that a security \nbulletin has been implemented on HP-UX 11.XX systems providing \nthat the fix is completely implemented in a patch with no \nmanual actions required. 
The Security Patch Check tool cannot \nverify fixes implemented via a product upgrade.` \n \n` For information on the Security Patch Check tool, see: \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=B6834AA` \n \n` The security patch matrix is also available via anonymous \nftp:` \n \n` <ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/>` \n \n` On the \"Support Information Digest Main\" page: \nclick on the \"HP Security Bulletin Archive\".` \n \n` The PGP key used to sign this bulletin is available from \nseveral PGP Public Key servers. The key identification \ninformation is:` \n \n` 2D2A7D59 \nHP Security Response Team (Security Bulletin signing only) \n<security-alert@hp.com> \nFingerprint = \n6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59` \n \n` If you have problems locating the key please write to \nsecurity-alert@hp.com. Please note that this key is \nfor signing bulletins only and is not the key returned \nby sending 'get key' to security-alert@hp.com.` \n \n \n`D. To report new security vulnerabilities, send email to` \n \n` security-alert@hp.com` \n \n` Please encrypt any exploit information using the \nsecurity-alert PGP key, available from your local key \nserver, or by sending a message with a -subject- (not body) \nof 'get key' (no quotes) to security-alert@hp.com.` \n \n` -----------------------------------------------------------------` \n \n`(c)Copyright 2003 Hewlett-Packard Company \nHewlett-Packard Company shall not be liable for technical or \neditorial errors or omissions contained herein. The information \nin this document is subject to change without notice. \nHewlett-Packard Company and the names of HP products referenced \nherein are trademarks and/or service marks of Hewlett-Packard \nCompany. 
Other product and company names mentioned herein may be \ntrademarks and/or service marks of their respective owners.` \n \n` ________________________________________________________________ \n- --` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: PGP 8.0` \n \n`iQA/AwUBP7wcI+AfOvwtKn1ZEQLrYACg57hw7CsQg63mHb936Iv7mb4ZB1cAoNi5 \nS6ApYHc0R0qvXKQTDOvx0K2X \n=Iijo \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### MandrakeSoft __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nMandrakeSoft has published MandrakeSoft Security Advisory [MDKSA-2003:103](<http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG development team has released OpenPKG Security Advisory [OpenPKG-SA-2003.046](<http://www.openpkg.org/security/OpenPKG-SA-2003.046-apache.txt>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRed Hat, Inc. has published the following Red Hat Security Advisories in response to this issue:\n\n * [RHSA-2003:320](<http://rhn.redhat.com/errata/RHSA-2003-320.html>)\n * [RHSA-2003:360](<http://rhn.redhat.com/errata/RHSA-2003-360.html>)\n * [RHSA-2003:405](<http://rhn.redhat.com/errata/RHSA-2003-405.html>)\n * [RHSA-2004:015](<http://rhn.redhat.com/errata/RHSA-2004-015.html>)\n \nUsers are encouraged to review the information provided in these advisories and apply the patches they refer to. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### SCO __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe SCO Group has published SCO Security Advisory [CSSA-2003-SCO.28](<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28/CSSA-2003-SCO.28.txt>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### SGI __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSGI has published [SGI Advanced Linux Environment security update #7](<ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc>) in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Slackware __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n`[slackware-security] apache security update (SSA:2003-308-01)` \n \n`Apache httpd is a hypertext transfer protocol server, and is used \nby over two thirds of the Internet's web sites.` \n \n`Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, \nand -current. These fix local vulnerabilities that could allow users \nwho can create or edit Apache config files to gain additional \nprivileges. Sites running Apache should upgrade to the new packages.` \n \n`In addition, new mod_ssl packages have been prepared for all platforms, \nand new PHP packages have been prepared for Slackware 8.1, 9.0, and \n- -current (9.1 already uses PHP 4.3.3). In -current, these packages \nalso move the Apache module directory from /usr/libexec to \n/usr/libexec/apache. 
Links for all of these related packages are \nprovided below.` \n \n`More details about the Apache issue may be found in the Common \nVulnerabilities and Exposures (CVE) database:` \n \n` <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>` \n \n \n`Here are the details from the Slackware 9.1 ChangeLog: \n+--------------------------+ \nMon Nov 3 20:06:29 PST 2003 \npatches/packages/apache-1.3.29-i486-1.tgz: Upgraded to apache-1.3.29. \nThis fixes the following local security issue: \no CAN-2003-0542 (cve.mitre.org) \nFix buffer overflows in mod_alias and mod_rewrite which occurred if \none configured a regular expression with more than 9 captures. \nThis vulnerability requires the attacker to create or modify certain \nApache configuration files, and is not a remote hole. However, it could \npossibly be used to gain additional privileges if access to the Apache \nadministrator account can be gained through some other means. All sites \nrunning Apache should upgrade. \n(* Security fix *) \n+--------------------------+` \n \n \n`WHERE TO FIND THE NEW PACKAGES: \n+-----------------------------+` \n \n`Updated packages for Slackware 8.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.3-i386-1.tgz>` \n \n`Updated packages for Slackware 9.0: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.3-i386-1.tgz>` \n \n`Updated packages for Slackware 9.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.29-i486-1.tgz> 
\n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.16_1.3.29-i486-1.tgz>` \n \n`Updated packages for Slackware -current: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.29-i486-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.16_1.3.29-i486-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.3-i486-3.tgz>` \n \n \n`MD5 SIGNATURES: \n+-------------+` \n \n`Slackware 8.1 packages: \n1a8190a214c052f0707bd5a6b005a7cd apache-1.3.29-i386-1.tgz \neb74afbc99295c01d418b576e92e83bb mod_ssl-2.8.16_1.3.29-i386-1.tgz \nb41a44c3ce2a3a09873b5d0930faf4c1 php-4.3.3-i386-1.tgz` \n \n`Slackware 9.0 packages: \nbb34ae622245f57bdca747ac5d8f73cf apache-1.3.29-i386-1.tgz \nc84af5778a5667a06a60a274f2fe1edb mod_ssl-2.8.16_1.3.29-i386-1.tgz \n7660e36f2cfb30cc339734369cca7719 php-4.3.3-i386-1.tgz` \n \n`Slackware 9.1 packages: \n9b494bb3f03cb4a4cb8c28f4fcc76666 apache-1.3.29-i486-1.tgz \n938412e01daf55fee37293a5790d907f mod_ssl-2.8.16_1.3.29-i486-1.tgz` \n \n`Slackware -current packages: \n091c22d398c51fee820dd0d0b7d514e3 apache-1.3.29-i486-1.tgz \ncd260439c9f1373329ba2224ace0451d mod_ssl-2.8.16_1.3.29-i486-1.tgz \ncc90540cc07e840e5a0513ffbb308102 php-4.3.3-i486-3.tgz` \n \n \n`INSTALLATION INSTRUCTIONS: \n+------------------------+` \n \n`First, stop apache:` \n \n`# apachectl stop` \n \n`Next, upgrade these packages as root:` \n \n`# upgradepkg apache-1.3.29-i486-1.tgz \n# upgradepkg mod_ssl-2.8.16_1.3.29-i486-1.tgz \n# upgradepkg php-4.3.3-i486-3.tgz` \n \n`Finally, restart apache:` \n \n`# apachectl start` \n \n`Or, if you're running a secure server with mod_ssl:` \n \n`# apachectl startssl` \n \n \n`+-----+` \n \n`Slackware Linux Security Team \n<http://slackware.com/gpg-key> \nsecurity@slackware.com` \n \n`+------------------------------------------------------------------------+ \n| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | 
\n+------------------------------------------------------------------------+ \n| Send an email to majordomo@slackware.com with this text in the body of | \n| the email message: | \n| | \n| unsubscribe slackware-security | \n| | \n| You will get a confirmation message back. Follow the instructions to | \n| complete the unsubscription. Do not reply to this message to | \n| unsubscribe! | \n+------------------------------------------------------------------------+` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/qEKrakRjwEAQIjMRArvcAKCMB2tJJVmHitflS/Rc0yG9kksiPACeP0Dd \n7HXUeO3O/cg1yufkh2Zvrqg= \n=YQdI \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSun Microsystems, Inc. has published [Sun Security Alert #57496](<http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57496>) in response to this issue. 
Users are encouraged to review this alert and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\n### Trustix __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Trustix development team has published [Trustix Secure Linux Security Advisory #2003-0041](<http://www.trustix.org/errata/misc/2003/TSL-2003-0041-apache.asc.txt>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23549142 Feedback>).\n\nView all 13 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.secunia.com/advisories/10153/>\n * <http://www.secunia.com/advisories/10114>\n * <http://www.secunia.com/advisories/10112/>\n * <http://www.secunia.com/advisories/10102/>\n * <http://www.secunia.com/advisories/10098/>\n * <http://www.secunia.com/advisories/10096/>\n * <http://www.secunia.com/advisories/10260/>\n * <http://www.secunia.com/advisories/10264/>\n * <http://www.secunia.com/advisories/10463/>\n\n### Acknowledgements\n\nThe Apache Software Foundation credits Andr\u00e9 Malo with the discovery of this vulnerability.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0542](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0542>) \n---|--- \n**Severity Metric:** | 0.61 \n**Date Public:** | 2003-10-30 \n**Date First Published:** | 2004-02-03 
\n**Date Last Updated:** | 2004-03-19 19:58 UTC \n**Document Revision:** | 28 \n", "modified": "2004-03-19T19:58:00", "published": "2004-02-03T00:00:00", "id": "VU:549142", "href": "https://www.kb.cert.org/vuls/id/549142", "type": "cert", "title": "Apache mod_alias vulnerable to buffer overflow via crafted regular expression", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T20:43:56", "bulletinFamily": "info", "cvelist": ["CVE-2003-0542", "CVE-2003-0789"], "description": "### Overview \n\nA vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances.\n\n### Description \n\nThe [Apache HTTP server](<http://httpd.apache.org/>) distribution includes a number of supplemental [modules](<http://httpd.apache.org/docs/mod/>) that provide additional functionality to the web server. One of these modules, [`mod_rewrite`](<http://httpd.apache.org/docs/mod/mod_rewrite.html>), provides a rule-based rewriting engine to rewrite requested URLs \"on the fly\" based on regular expressions. A buffer overflow has been discovered in the way that `mod_rewrite` handles regular expressions containing more than 9 captures (stored strings matching a particular pattern). This flaw results in a remotely exploitable vulnerability on web servers that specify such a regular expression to the `mod_rewrite` module in their configuration files. \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of the web server user (e.g., \"`apache`\", \"`httpd`\", \"`nobody`\", etc.). The attacker would have to have the ability to supply a specially crafted configuration file (e.g., `.htaccess` or `httpd.conf`) to the Apache server in order to mount this attack. \n \n--- \n \n### Solution \n\n**Apply a patch from the vendor**\n\nPatches have been released to address this vulnerability. 
Please see the Systems Affected section of this document for more details. \n \n--- \n \n**Workarounds**\n\n \nDisable `mod_rewrite` if it is not required in your web server configuration. Instructions for doing this can be found in the [Apache HTTP server documentation](<http://httpd.apache.org/docs/>). Sites, particularly those that are not able to apply the patches, are encouraged to consider implementing this workaround. \n \n--- \n \n### Vendor Information\n\n434566\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apache Software Foundation __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe [Apache Software Foundation](<http://www.apache.org/>) has released versions 1.3.29 and 2.0.48 of the Apache httpd server in response to this issue. These patched versions of the software are available at:\n\n \n<<http://www.apache.org/dist/httpd/>> \nBecause this software is commonly repackaged by third-party vendors, users are encouraged to review the Systems Affected section of VU#434566 first to determine whether their vendor has produced an update for their systems. \n \nUsers who compile the Apache httpd software from source code are encouraged to upgrade to one of the patched versions listed above (or newer). Users are also encouraged to verify the PGP signatures on the software distribution before compiling and installing it on their systems. 
\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Conectiva __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n`- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- --------------------------------------------------------------------------` \n \n`PACKAGE : apache \nSUMMARY : Fix for some vulnerabilities \nDATE : 2003-11-05 19:18:00 \nID : CLA-2003:775 \nRELEVANT \nRELEASES : 7.0, 8, 9` \n \n`- -------------------------------------------------------------------------` \n \n`DESCRIPTION \nApache[1] is the most popular webserver in use today. \n \nNew versions of the Apache web server have been made available[2][3] \nwith the following security fixes: \n \n1. Buffer overflow in mod_alias and mod_rewrite (CAN-2003-0542) [4] \nA buffer overflow could occur in mod_alias and mod_rewrite when a \nregular expression with more than 9 captures is configured. Users who \ncan create or modify configuration files (httpd.conf or .htaccess, \nfor example) could trigger this. This vulnerability affects Apache \n1.3.x and Apache 2.0.x. \n \n2. mod_cgid mishandling of CGI redirect paths (CAN-2003-0789) [5] \nmod_cgid mishandling of CGI redirect paths could result in CGI output \ngoing to the wrong client when a threaded MPM is used. The packages \nprovided with Conectiva Linux 9 are not vulnerable to this issue \nbecause they are not compiled with that MPM, but the fix has been \nincluded because new packages for Conectiva Linux 9 were already \nbeing built for the suexec problem (see below). 
\n \nIn addition to the above security fixes, \"suexec\" has been correctly` \n` built in the Conectiva Linux 9 packages, fixing[6] the problem where \nCGI scripts could not be run from the user's home directory.` \n \n \n`SOLUTION \nIt is recommended that all Apache users upgrade their packages. \n \nIMPORTANT: it is necessary to manually restart the httpd server after \nupgrading the packages. In order to do this, execute the following as \nroot: \n \nservice httpd stop \n \n(wait a few seconds and check with \"pidof httpd\" if there are any \nhttpd processes running. On a busy webserver this could take a little \nlonger) \n \nservice httpd start \n \n \nREFERENCES \n1. <http://apache.httpd.org/> \n2. <http://www.apache.org/dist/httpd/Announcement2.html> \n3. <http://www.apache.org/dist/httpd/Announcement.html> \n4. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542> \n5. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789> \n6. <http://bugzilla.conectiva.com.br/show_bug.cgi?id=8754> (pt_BR only)` \n \n \n`UPDATED PACKAGES \n<ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.28-1U70_2cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.28-1U70_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/SRPMS/apache-1.3.28-1U80_2cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-devel-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-doc-1.3.28-1U80_2cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_5cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_5cl.i386.rpm> 
\n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_5cl.i386.rpm>` \n`<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_5cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_5cl.i386.rpm>` \n \n \n`ADDITIONAL INSTRUCTIONS \nThe apt tool can be used to perform RPM packages upgrades:` \n \n` - run: apt-get update \n- after that, execute: apt-get upgrade` \n \n` Detailed instructions reagarding the use of apt and upgrade examples \ncan be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll packages are signed with Conectiva's GPG key. The key and instructions \non how to import it can be found at \n<http://distro.conectiva.com.br/seguranca/chave/?idioma=en> \nInstructions on how to check the signatures of the RPM packages can be \nfound at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n<http://distro.conectiva.com.br/atualizacoes/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nCopyright (c) 2003 Conectiva Inc. 
\n<http://www.conectiva.com>` \n \n`- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`iD8DBQE/qWk/42jd0JmAcZARAkF2AJsGfA3n7v7l8f4A8ik+Ao6uqB9NYACfZnQ4 \nqf3SjmMxGkqRYyXuBBragEE= \n=zsxK \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n \n`- --------------------------------------------------------------------------- \nGENTOO LINUX SECURITY ANNOUNCEMENT 200310-03 \n- ---------------------------------------------------------------------------` \n \n` PACKAGE : net-www/apache \nSUMMARY : buffer overflow \nDATE : Tue Oct 28 16:43:46 UTC 2003 \nEXPLOIT : local \nVERSIONS AFFECTED : <apache-1.3.29 \nFIXED VERSION : >=apache-1.3.29 \nCVE : CAN-2003-0542 (under review at time of GLSA)` \n \n`- ---------------------------------------------------------------------------` \n \n`Quote from <<http://httpd.apache.org/dev/dist/Announcement>>:` \n \n` This version of Apache is principally a bug and security fix release. \nA partial summary of the bug fixes is given at the end of this document. \nA full listing of changes can be found in the CHANGES file. 
Of \nparticular note is that 1.3.29 addresses and fixes 1 potential \nsecurity issue:` \n \n` o CAN-2003-0542 (cve.mitre.org) \nFix buffer overflows in mod_alias and mod_rewrite which occurred if \none configured a regular expression with more than 9 captures.` \n \n` We consider Apache 1.3.29 to be the best version of Apache 1.3 available \nand we strongly recommend that users of older versions, especially of \nthe 1.1.x and 1.2.x family, upgrade as soon as possible. No further \nreleases will be made in the 1.2.x family.` \n \n \n`SOLUTION` \n \n`It is recommended that all Gentoo Linux users who are running \nnet-misc/apache 1.x upgrade:` \n \n`emerge sync \nemerge -pv apache \nemerge '>=net-www/apache-1.3.29' \nemerge clean \n/etc/init.d/apache restart` \n \n \n`// end` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (Darwin)` \n \n`iD8DBQE/vGZWnt0v0zAqOHYRAnnUAKCf7j5ZciPl2A/lfT2G6re9L0ZjugCfQGYk \nRyV+5R/BFsdAzsMYZp9dT8A= \n=ym4e \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nGuardian Digital, Inc. has published Guardian Digital Security Advisory [ESA-20031105-030](<http://www.linuxsecurity.com/advisories/engarde_advisory-3759.html>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n` ----------------------------------------------------------------- \n**REVISED 01** \nSource: HEWLETT-PACKARD COMPANY \nSECURITY BULLETIN: HPSBUX0311-301 \nOriginally issued: 18 November 2003 \nLast revised: 19 November 2003 \nSSRT3663 Apache HTTP Server mod_cgid, mod_alias, mod_rewrite \n----------------------------------------------------------------- \nNOTICE: There are no restrictions for distribution of this \nBulletin provided that it remains complete and intact.` \n \n`The information in the following Security Bulletin should be \nacted upon as soon as possible. Hewlett-Packard Company will \nnot be liable for any consequences to any customer resulting \nfrom customer's failure to fully implement instructions in this \nSecurity Bulletin as soon as possible.` \n \n` ----------------------------------------------------------------- \nPROBLEM: 1. mod_cgid mishandling of CGI redirect paths could \nresult in CGI output going to the wrong client when a \nthreaded MPM is used.` \n \n` More details are available at: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789>` \n \n` 2. 
A buffer overflow could occur in mod_alias and \nmod_rewrite when a regular expression with more than \n9 captures is configured.` \n \n` More details are available at: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>` \n \n \n`IMPACT: Potential Denial of Service or execute arbitrary code.` \n \n`PLATFORM: HP9000 Servers running HP-UX release B.11.00, B.11.11, \nB.11.20, B.11.22, and B.11.23 with versions of the \nfollowing products are affected, and represented as: \nproduct-name, version (product-tag/bundle-tag)` \n \n` product-name, version (product-tag/bundle-tag)` \n \n` - hp apache-based web server, 2.0.43.04 \nor earlier (HPApache/B9416AA) \nThis product includes Apache 2.0.43.` \n \n` - hp-ux apache-based web server, v.1.0.09.01 \nor earlier (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.47.` \n \n` - hp apache-based web server (with IPv6 support), \n2.0.43.04 or earlier (HPApache/B9416BA) \nThis product includes Apache 2.0.43.` \n \n` - hp-ux apache-based web server(with IPv6 support), \nv.1.0.09.01 or earlier (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.47.` \n \n`SOLUTION: For HP-UX releases B.11.00, B.11.11, B.11.20, B.11.22 \nand B.11.23 download new HP Apache product from \n<http://www.software.hp.com/:>` \n \n` For HPApache/B9416AA, HPApache/B9416BA and \nhpuxwsAPACHE/hpuxwsApache download the following:` \n \n` - hp-ux apache-based web server (with IPv4) \nv.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.48. \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/> \ncgi/displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n` - hp-ux apache-based web server(with IPv6 support), \nv.1.0.10.01 or later (hpuxwsAPACHE/hpuxwsApache) \nThis product includes Apache 2.0.48. \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/> \ncgi/displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n \n`MANUAL ACTIONS: Yes - Non-Update \nInstall the product containing the fix. 
\nFor customers with HPApache/B9416AA \nHPApache/B9416BA installed, the fix requires \nmigration to hpuxwsAPACHE/hpuxwsApache and \nremoving the affected products from the system.` \n \n`AVAILABILITY: Complete product bundles are available now on \n<<http://www.software.hp.com/>>` \n \n`CHANGE SUMMARY: Rev. 01 Corrected typo in version number \n----------------------------------------------------------------- \n**REVISED 01** \nA. Background \nThe Common Vulnerabilities and Exposures project \n<<http://cve.mitre.org/>> has identified potential \nvulnerabilities in the Apache HTTP Server (CAN-2003-0789, and \nCAN-2003-0542). It affects the following HP product \nnumbers/versions on HP-UX releases B.11.00, B.11.11, B.11.20, \nB.11.22, and B.11.23:` \n \n` - hp apache-based web server, 2.0.43.04 or earlier \n(HPApache/B9416AA)` \n \n` - hp-ux apache-based web server, v.1.0.09.01 or earlier \n(hpuxwsAPACHE/hpuxwsApache)` \n \n` - hp apache-based web server, 2.0.43.04 (with IPv6 support) \nor earlier (HPApache/B9416BA)` \n \n` - hp-ux apache-based web server (with IPv6 support), \nv.1.0.09.01 or earlier (hpuxwsAPACHE/hpuxwsApache)` \n \n` AFFECTED VERSIONS` \n \n` The following is a list of affected filesets or patches \nand fix information. To determine if a system has an \naffected version, search the output of \n\"swlist -a revision -l fileset\" for an affected fileset \nor patch, then determine if a fixed revision or applicable \npatch is installed.` \n \n` HP-UX B.11.00 \nHP-UX B.11.11 \nHP-UX B.11.20 \nHP-UX B.11.22 \nHP-UX B.11.23 \n==================================== \nHPApache.APACHE2 \nhpuxwsAPACHE.APACHE2 \n--->> fix: install hp-ux apache-based web server, v.1.0.10.01 \nor later.` \n \n` END AFFECTED VERSIONS` \n \n`B. 
Recommended solution \nThe Apache Software Foundation has released Apache 2.0.48 as \nthe best known version that fixes the problems identified in \nthe above mentioned issues.` \n \n` For customers using HPApache/B9416AA HPApache/B9416BA and \nhpuxwsAPACHE/hpuxwsApache, HP has incorporated Apache 2.0.48 \nin the following product: \n- hp-ux apache-based web server v.1.0.10.01 or later \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n \n` Check for Apache Installation \n----------------------------- \nTo determine if the Apache web server from HP is installed on \nyour system, use Software Distributor's swlist command. All \nthree versions products may co-exist on a single system.` \n \n` For example, the results of the command \nswlist -l product | grep -i apache` \n \n` HPApache 2.0.39.01.02 HP Apache-based Web Server \nhpuxwsAPACHE A.1.0.09.01 HP-UX Apache-based Web Server` \n \n` Stop Apache \n----------------------------- \nBefore updating, make sure to stop any previous Apache binary. \nOtherwise, the previous binary will continue running, \npreventing the new one from starting, although the installation \nwould be successful.` \n \n` After determining which Apache is installed, stop Apache with \nthe following commands:` \n \n` for HPApache: /opt/hpapache2/bin/apachectl stop \nfor hpuxwsAPACHE: /opt/hpws/apache/bin/apachectl stop` \n \n` Download and Install Apache \n----------------------------- \n- Download Apache from Software Depot using the previously \nmentioned links. \n- Verify successful download by comparing the cksum with the \nvalue specified on the installation web page. \n- Use SD to swinstall the depot. 
\n- For customers with HPApache/B9416BA installed, migrate to \nhpuxwsAPACHE/hpuxwsApache and remove the affected products \nfrom the system.` \n \n` Installation of this new version of HP Apache over an existing \nHP Apache installation is supported, while installation over a \nnon-HP Apache is NOT supported.` \n \n` Removing Apache Installation \n---------------------------- \nIf you rather remove Apache from your system than install a \nnewer version to resolve the security problem, use both \nSoftware Distributor's \"swremove\" command and also \"rm -rf\" the \nhome location as specified in the rc.config.d file \"HOME\" \nvariables.` \n \n` To find the files containing HOME variables in the \n/etc/rc.config.d directory:` \n \n` %ls /etc/rc.config.d | grep apache \nhpapache2conf \nhpws_apacheconf` \n \n`C. To subscribe to automatically receive future NEW HP Security \nBulletins from the HP IT Resource Center via electronic \nmail, do the following:` \n \n` Use your browser to get to the HP IT Resource Center page \nat:` \n \n` <http://itrc.hp.com>` \n \n` Use the 'Login' tab at the left side of the screen to login \nusing your ID and password. Use your existing login or the \n\"Register\" button at the left to create a login, in order to \ngain access to many areas of the ITRC. 
Remember to save the \nUser ID assigned to you, and your password.` \n \n` In the left most frame select \"Maintenance and Support\".` \n \n` Under the \"Notifications\" section (near the bottom of \nthe page), select \"Support Information Digests\".` \n \n` To -subscribe- to future HP Security Bulletins or other \nTechnical Digests, click the check box (in the left column) \nfor the appropriate digest and then click the \"Update \nSubscriptions\" button at the bottom of the page.` \n \n` or` \n \n` To -review- bulletins already released, select the link \n(in the middle column) for the appropriate digest.` \n \n` NOTE: Using your itrc account security bulletins can be \nfound here: \n<http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin>` \n \n \n` To -gain access- to the Security Patch Matrix, select \nthe link for \"The Security Bulletins Archive\". (near the \nbottom of the page) Once in the archive the third link is \nto the current Security Patch Matrix. Updated daily, this \nmatrix categorizes security patches by platform/OS release, \nand by bulletin topic. Security Patch Check completely \nautomates the process of reviewing the patch matrix for \n11.XX systems. Please note that installing the patches \nlisted in the Security Patch Matrix will completely \nimplement a security bulletin _only_ if the MANUAL ACTIONS \nfield specifies \"No.\"` \n \n` The Security Patch Check tool can verify that a security \nbulletin has been implemented on HP-UX 11.XX systems providing \nthat the fix is completely implemented in a patch with no \nmanual actions required. 
The Security Patch Check tool cannot \nverify fixes implemented via a product upgrade.` \n \n` For information on the Security Patch Check tool, see: \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=B6834AA` \n \n` The security patch matrix is also available via anonymous \nftp:` \n \n` <ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/>` \n \n` On the \"Support Information Digest Main\" page: \nclick on the \"HP Security Bulletin Archive\".` \n \n` The PGP key used to sign this bulletin is available from \nseveral PGP Public Key servers. The key identification \ninformation is:` \n \n` 2D2A7D59 \nHP Security Response Team (Security Bulletin signing only) \n<security-alert@hp.com> \nFingerprint = \n6002 6019 BFC1 BC62 F079 862E E01F 3AFC 2D2A 7D59` \n \n` If you have problems locating the key please write to \nsecurity-alert@hp.com. Please note that this key is \nfor signing bulletins only and is not the key returned \nby sending 'get key' to security-alert@hp.com.` \n \n \n`D. To report new security vulnerabilities, send email to` \n \n` security-alert@hp.com` \n \n` Please encrypt any exploit information using the \nsecurity-alert PGP key, available from your local key \nserver, or by sending a message with a -subject- (not body) \nof 'get key' (no quotes) to security-alert@hp.com.` \n \n` -----------------------------------------------------------------` \n \n`(c)Copyright 2003 Hewlett-Packard Company \nHewlett-Packard Company shall not be liable for technical or \neditorial errors or omissions contained herein. The information \nin this document is subject to change without notice. \nHewlett-Packard Company and the names of HP products referenced \nherein are trademarks and/or service marks of Hewlett-Packard \nCompany. 
Other product and company names mentioned herein may be \ntrademarks and/or service marks of their respective owners.` \n \n` ________________________________________________________________ \n- --` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: PGP 8.0` \n \n`iQA/AwUBP7wcI+AfOvwtKn1ZEQLrYACg57hw7CsQg63mHb936Iv7mb4ZB1cAoNi5 \nS6ApYHc0R0qvXKQTDOvx0K2X \n=Iijo \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### MandrakeSoft __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nMandrakeSoft has published MandrakeSoft Security Advisory [MDKSA-2003:103](<http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG development team has published OpenPKG Security Advisory [OpenPKG-SA-2003.046](<http://www.openpkg.org/security/OpenPKG-SA-2003.046-apache.txt>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Red Hat Inc. __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRed Hat, Inc. has published the following Red Hat Security Advisories in response to this issue:\n\n * [RHSA-2003:320](<http://rhn.redhat.com/errata/RHSA-2003-320.html>)\n * [RHSA-2003:360](<http://rhn.redhat.com/errata/RHSA-2003-360.html>)\n * [RHSA-2003:405](<http://rhn.redhat.com/errata/RHSA-2003-405.html>)\n * [RHSA-2004:015](<http://rhn.redhat.com/errata/RHSA-2004-015.html>)\nUsers are encouraged to review the information provided in these advisories and apply the patches they refer to. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### SCO __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe SCO Group has published SCO Security Advisory [CSSA-2003-SCO.28](<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.28/CSSA-2003-SCO.28.txt>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### SGI __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSGI has published [SGI Advanced Linux Environment security update #7](<ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc>) in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Slackware __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1` \n \n`[slackware-security] apache security update (SSA:2003-308-01)` \n \n`Apache httpd is a hypertext transfer protocol server, and is used \nby over two thirds of the Internet's web sites.` \n \n`Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, \nand -current. These fix local vulnerabilities that could allow users \nwho can create or edit Apache config files to gain additional \nprivileges. Sites running Apache should upgrade to the new packages.` \n \n`In addition, new mod_ssl packages have been prepared for all platforms, \nand new PHP packages have been prepared for Slackware 8.1, 9.0, and \n- -current (9.1 already uses PHP 4.3.3). In -current, these packages \nalso move the Apache module directory from /usr/libexec to \n/usr/libexec/apache. 
Links for all of these related packages are \nprovided below.` \n \n`More details about the Apache issue may be found in the Common \nVulnerabilities and Exposures (CVE) database:` \n \n` <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542>` \n \n \n`Here are the details from the Slackware 9.1 ChangeLog: \n+--------------------------+ \nMon Nov 3 20:06:29 PST 2003 \npatches/packages/apache-1.3.29-i486-1.tgz: Upgraded to apache-1.3.29. \nThis fixes the following local security issue: \no CAN-2003-0542 (cve.mitre.org) \nFix buffer overflows in mod_alias and mod_rewrite which occurred if \none configured a regular expression with more than 9 captures. \nThis vulnerability requires the attacker to create or modify certain \nApache configuration files, and is not a remote hole. However, it could \npossibly be used to gain additional privileges if access to the Apache \nadministrator account can be gained through some other means. All sites \nrunning Apache should upgrade. \n(* Security fix *) \n+--------------------------+` \n \n \n`WHERE TO FIND THE NEW PACKAGES: \n+-----------------------------+` \n \n`Updated packages for Slackware 8.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.3-i386-1.tgz>` \n \n`Updated packages for Slackware 9.0: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.16_1.3.29-i386-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.3-i386-1.tgz>` \n \n`Updated packages for Slackware 9.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.29-i486-1.tgz> 
\n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.16_1.3.29-i486-1.tgz>` \n \n`Updated packages for Slackware -current: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.29-i486-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.16_1.3.29-i486-1.tgz> \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.3-i486-3.tgz>` \n \n \n`MD5 SIGNATURES: \n+-------------+` \n \n`Slackware 8.1 packages: \n1a8190a214c052f0707bd5a6b005a7cd apache-1.3.29-i386-1.tgz \neb74afbc99295c01d418b576e92e83bb mod_ssl-2.8.16_1.3.29-i386-1.tgz \nb41a44c3ce2a3a09873b5d0930faf4c1 php-4.3.3-i386-1.tgz` \n \n`Slackware 9.0 packages: \nbb34ae622245f57bdca747ac5d8f73cf apache-1.3.29-i386-1.tgz \nc84af5778a5667a06a60a274f2fe1edb mod_ssl-2.8.16_1.3.29-i386-1.tgz \n7660e36f2cfb30cc339734369cca7719 php-4.3.3-i386-1.tgz` \n \n`Slackware 9.1 packages: \n9b494bb3f03cb4a4cb8c28f4fcc76666 apache-1.3.29-i486-1.tgz \n938412e01daf55fee37293a5790d907f mod_ssl-2.8.16_1.3.29-i486-1.tgz` \n \n`Slackware -current packages: \n091c22d398c51fee820dd0d0b7d514e3 apache-1.3.29-i486-1.tgz \ncd260439c9f1373329ba2224ace0451d mod_ssl-2.8.16_1.3.29-i486-1.tgz \ncc90540cc07e840e5a0513ffbb308102 php-4.3.3-i486-3.tgz` \n \n \n`INSTALLATION INSTRUCTIONS: \n+------------------------+` \n \n`First, stop apache:` \n \n`# apachectl stop` \n \n`Next, upgrade these packages as root:` \n \n`# upgradepkg apache-1.3.29-i486-1.tgz \n# upgradepkg mod_ssl-2.8.16_1.3.29-i486-1.tgz \n# upgradepkg php-4.3.3-i486-3.tgz` \n \n`Finally, restart apache:` \n \n`# apachectl start` \n \n`Or, if you're running a secure server with mod_ssl:` \n \n`# apachectl startssl` \n \n \n`+-----+` \n \n`Slackware Linux Security Team \n<http://slackware.com/gpg-key> \nsecurity@slackware.com` \n \n`+------------------------------------------------------------------------+ \n| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | 
\n+------------------------------------------------------------------------+ \n| Send an email to majordomo@slackware.com with this text in the body of | \n| the email message: | \n| | \n| unsubscribe slackware-security | \n| | \n| You will get a confirmation message back. Follow the instructions to | \n| complete the unsubscription. Do not reply to this message to | \n| unsubscribe! | \n+------------------------------------------------------------------------+` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/qEKrakRjwEAQIjMRArvcAKCMB2tJJVmHitflS/Rc0yG9kksiPACeP0Dd \n7HXUeO3O/cg1yufkh2Zvrqg= \n=YQdI \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nUpdated: March 08, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSun Microsystems, Inc. has published [Sun Security Alert #57496](<http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57496>) in response to this issue. 
Users are encouraged to review this alert and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### Trustix __ Affected\n\nUpdated: February 02, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Trustix development team has published [Trustix Secure Linux Security Advisory #2003-0041](<http://www.trustix.org/errata/misc/2003/TSL-2003-0041-apache.asc.txt>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23434566 Feedback>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.secunia.com/advisories/10153/>\n * <http://www.secunia.com/advisories/10114/>\n * <http://www.secunia.com/advisories/10112/>\n * <http://www.secunia.com/advisories/10102/>\n * <http://www.secunia.com/advisories/10098/>\n * <http://www.secunia.com/advisories/10096/>\n * <http://www.secunia.com/advisories/10260/>\n * <http://www.secunia.com/advisories/10264/>\n * <http://www.secunia.com/advisories/10463/>\n\n### Acknowledgements\n\nThe Apache Software Foundation credits Andr\u00e9 Malo with the discovery of this vulnerability.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0542](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0542>) \n---|--- \n**Severity Metric:** | 0.61 \n**Date Public:** | 2003-10-30 \n**Date First Published:** | 2004-02-03 
\n**Date Last Updated:** | 2004-03-19 19:59 UTC \n**Document Revision:** | 29 \n", "modified": "2004-03-19T19:59:00", "published": "2004-02-03T00:00:00", "id": "VU:434566", "href": "https://www.kb.cert.org/vuls/id/434566", "type": "cert", "title": "Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}