Executive Summary

Summary
Titlehttpd security update
Informations
NameRHSA-2009:1075First vendor Publication2009-05-27
VendorRedHatLast vendor Modification2009-05-27
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the handling of compression structures between mod_ssl
and OpenSSL. If too many connections were opened in a short period of time,
all system memory and swap space would be consumed by httpd, negatively
impacting other processes, or causing a system crash. (CVE-2008-1678)

Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5
prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in
Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e
version.

A flaw was found in the handling of the "Options" and "AllowOverride"
directives. In configurations using the "AllowOverride" directive with
certain "Options=" arguments, local users were not restricted from
executing commands from a Server-Side-Include script as intended.
(CVE-2009-1195)

All httpd users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Users must restart httpd for
this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

447268 - CVE-2008-1678 httpd: mod_ssl per-connection memory leak for connections with zlib compression
489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes
497077 - memory leak in httpd

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1075.html

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9754
 
Oval ID: oval:org.mitre.oval:def:9754
Title: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Description: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1678
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8704
 
Oval ID: oval:org.mitre.oval:def:8704
Title: Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Description: The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1195
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12377
 
Oval ID: oval:org.mitre.oval:def:12377
Title: HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
Description: The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1195
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11094
 
Oval ID: oval:org.mitre.oval:def:11094
Title: The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Description: The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1195
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22777
 
Oval ID: oval:org.mitre.oval:def:22777
Title: ELSA-2009:1075: httpd security update (Moderate)
Description: The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Family: unix Class: patch
Reference(s): ELSA-2009:1075-01
CVE-2008-1678
CVE-2009-1195
Version: 10
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application15
Application3

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for httpd CESA-2009:1075 centos5 i386
File : nvt/gb_CESA-2009_1075_httpd_centos5_i386.nasl
2011-01-04Name : HP-UX Update for Apache-based Web Server HPSBUX02612
File : nvt/gb_hp_ux_HPSBUX02612.nasl
2010-05-12Name : Mac OS X Security Update 2008-007
File : nvt/macosx_secupd_2008-007.nasl
2010-05-12Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2010-01-22Name : Mandriva Update for openssl MDVSA-2010:022 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_022.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:323 (apache)
File : nvt/mdksa_2009_323.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-27Name : SLES10: Security update for Apache 2
File : nvt/sles10_apache21.nasl
2009-10-27Name : SLES11: Security update for Apache 2
File : nvt/sles11_apache2.nasl
2009-10-27Name : SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
File : nvt/suse_sa_2009_050.nasl
2009-09-02Name : Fedora Core 11 FEDORA-2009-8812 (httpd)
File : nvt/fcore_2009_8812.nasl
2009-09-02Name : FreeBSD Ports: apache
File : nvt/freebsd_apache15.nasl
2009-07-29Name : RedHat Security Advisory RHSA-2009:1156
File : nvt/RHSA_2009_1156.nasl
2009-07-29Name : Gentoo Security Advisory GLSA 200907-04 (apache)
File : nvt/glsa_200907_04.nasl
2009-07-15Name : Mandrake Security Advisory MDVSA-2009:124-1 (apache)
File : nvt/mdksa_2009_124_1.nasl
2009-06-23Name : Debian Security Advisory DSA 1816-1 (apache2)
File : nvt/deb_1816_1.nasl
2009-06-15Name : Ubuntu USN-787-1 (apache2)
File : nvt/ubuntu_787_1.nasl
2009-06-05Name : RedHat Security Advisory RHSA-2009:1075
File : nvt/RHSA_2009_1075.nasl
2009-06-05Name : Mandrake Security Advisory MDVSA-2009:124 (apache)
File : nvt/mdksa_2009_124.nasl
2009-06-05Name : CentOS Security Advisory CESA-2009:1075 (httpd)
File : nvt/ovcesa2009_1075.nasl
2009-05-28Name : Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
File : nvt/apache_CVE_2009_1195.nasl
2009-03-13Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-02-17Name : Fedora Update for httpd FEDORA-2008-6393
File : nvt/gb_fedora_2008_6393_httpd_fc9.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200807-06 (apache)
File : nvt/glsa_200807_06.nasl
0000-00-00Name : Slackware Advisory SSA:2009-214-01 httpd
File : nvt/esoft_slk_ssa_2009_214_01.nasl
0000-00-00Name : Slackware Advisory SSA:2010-060-02 openssl
File : nvt/esoft_slk_ssa_2010_060_02.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
54733Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
47810OpenSSL libssl crypto/comp/c_zlib.c zlib_stateful_init Function Memory Exhaus...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1075.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090527_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6572.nasl - Type : ACT_GATHER_INFO
2010-03-11Name : The remote web server has multiple SSL-related vulnerabilities.
File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO
2010-03-02Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-022.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1075.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO
2009-10-30Name : The remote SuSE system is missing the security patch apache2-6576
File : suse_apache2-6576.nasl - Type : ACT_GATHER_INFO
2009-10-26Name : The remote SuSE system is missing a security patch for apache2
File : suse_11_0_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-10-26Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-6571.nasl - Type : ACT_GATHER_INFO
2009-10-26Name : The remote SuSE system is missing a security patch for apache2
File : suse_11_1_apache2-091020.nasl - Type : ACT_GATHER_INFO
2009-09-02Name : The remote Fedora host is missing a security update.
File : fedora_2009-8812.nasl - Type : ACT_GATHER_INFO
2009-08-31Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_7_0_0_5.nasl - Type : ACT_GATHER_INFO
2009-08-25Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_e15f2356913911de8f42001aa0166822.nasl - Type : ACT_GATHER_INFO
2009-08-03Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-214-01.nasl - Type : ACT_GATHER_INFO
2009-08-02Name : The remote web server may be affected by several issues.
File : apache_2_2_12.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for apache2
File : suse_11_0_apache2-080925.nasl - Type : ACT_GATHER_INFO
2009-07-13Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200907-04.nasl - Type : ACT_GATHER_INFO
2009-06-18Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1816.nasl - Type : ACT_GATHER_INFO
2009-06-12Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-787-1.nasl - Type : ACT_GATHER_INFO
2009-06-01Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-124.nasl - Type : ACT_GATHER_INFO
2009-05-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1075.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-731-1.nasl - Type : ACT_GATHER_INFO
2008-11-05Name : The remote SuSE system is missing the security patch apache2-5648
File : suse_apache2-5648.nasl - Type : ACT_GATHER_INFO
2008-10-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-007.nasl - Type : ACT_GATHER_INFO
2008-08-08Name : The remote Fedora host is missing a security update.
File : fedora_2008-6393.nasl - Type : ACT_GATHER_INFO
2008-07-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200807-06.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:52:33
  • Multiple Updates