Executive Summary
Summary | |
---|---|
Title | Updated apache and mod_ssl packages fix security vulnerabilities |
Informations | |||
---|---|---|---|
Name | RHSA-2004:600 | First vendor Publication | 2004-12-13 |
Vendor | RedHat | Last vendor Modification | 2004-12-13 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A buffer overflow was discovered in the mod_include module. This flaw could allow a local user who is authorized to create server-side include (SSI) files to gain the privileges of a httpd child (user 'apache'). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0940 to this issue. The mod_digest module does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5 Digest Authentication specification, which is known not to work with modern browsers. This issue does not affect mod_auth_digest. (CAN-2003-0987). An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in a directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client is able to access that location using any cipher suite allowed by the virtual host configuration. (CAN-2004-0885). Several bugs in mod_ssl were also discovered, including: - - memory leaks in SSL variable handling - - possible crashes in the dbm and shmht session caches Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 131360 - RHEL 2.1 mod_ssl missing shmht fixes 134826 - CAN-2004-0885 SSLCipherSuite bypass 137417 - CAN-2004-0940 mod_include local escalation 137419 - CAN-2003-0987 mod_digest nonce checking flaw |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-600.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CAPEC-123 | Buffer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-131 | Incorrect Calculation of Buffer Size (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:100108 | |||
Oval ID: | oval:org.mitre.oval:def:100108 | ||
Title: | Apache Nonce Verification Response Replay Vulnerability | ||
Description: | mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0987 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | Apache |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10384 | |||
Oval ID: | oval:org.mitre.oval:def:10384 | ||
Title: | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||
Description: | The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0885 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4416 | |||
Oval ID: | oval:org.mitre.oval:def:4416 | ||
Title: | Apache mod_digest Nonce Verification Vulnerability | ||
Description: | mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0987 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | Apache |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for apache2 File : nvt/sles9p5009713.nasl |
2009-10-10 | Name : SLES9: Security update for apache File : nvt/sles9p5014050.nasl |
2009-05-05 | Name : HP-UX Update for HP-UX Pkg HPSBUX01123 File : nvt/gb_hp_ux_HPSBUX01123.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-22 (Apache) File : nvt/glsa_200405_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-21 (apache) File : nvt/glsa_200410_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-03 (apache) File : nvt/glsa_200411_03.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache0.nasl |
2008-09-04 | Name : FreeBSD Ports: ru-apache+mod_ssl File : nvt/freebsd_ru-apache+mod_ssl.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 594-1 (apache) File : nvt/deb_594_1.nasl |
2005-11-03 | Name : Apache mod_include priviledge escalation File : nvt/apache_mod_include_priv_escalation.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-133-01 apache File : nvt/esoft_slk_ssa_2004_133_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php File : nvt/esoft_slk_ssa_2004_299_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-305-01 apache+mod_ssl File : nvt/esoft_slk_ssa_2004_305_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12881 | OpenBSD httpd mod_include Local Overflow A local overflow exists in OpenBSD. The mod_include module for httpd fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
11003 | Apache HTTP Server mod_include get_tag() Function Local Overflow A local overflow exists in the Apache HTTP server mod_include module (compiled in by default). The get_tag() function in mod_include.c contains a logic flaw resulting in a buffer overflow. A local attacker who is authorized to create server side include (SSI) files, can create a specially crafted HTML file and cause arbitrary code execution with the privileges of the httpd child process, resulting in a loss of integrity. |
10637 | Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass Apache mod_ssl SSL CipherSuite contains a flaw that may allow a malicious user to bypass SSL CipherSuite access restrictions. The issue is triggered when the SSL CipherSuite directive is used with a directory context to require a restricted set of cipher suites. An attacker can use an alternate ciphersuite possibly allowing them to bypass access restrictions resulting in a loss of confidentiality and/or integrity. |
3819 | Apache HTTP Server mod_digest Cross Realm Credential Replay Apache mod_digest contains a flaw that may allow a malicious user to conduct replay attack against a website using htdigest protection. The issue is triggered when sending the digest authentication credentials again to a different website. It is possible that the flaw may allow gain unauthorised access to other websites. resulting in a loss of confidentiality, integrity, and/or availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2015-07-28 | Apache mod_include buffer overflow attempt RuleID : 34973 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4238151d207a11d9bfe20090962cff2a.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6e6a6b8a2fde11d9b3a20050fc56d258.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-177-1.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2005-007.nasl - Type : ACT_GATHER_INFO |
2005-08-08 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_33075.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-299-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-133-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-305-01.nasl - Type : ACT_GATHER_INFO |
2004-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-600.nasl - Type : ACT_GATHER_INFO |
2004-12-02 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20041202.nasl - Type : ACT_GATHER_INFO |
2004-11-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-420.nasl - Type : ACT_GATHER_INFO |
2004-11-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-594.nasl - Type : ACT_GATHER_INFO |
2004-11-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-134.nasl - Type : ACT_GATHER_INFO |
2004-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-562.nasl - Type : ACT_GATHER_INFO |
2004-11-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-122.nasl - Type : ACT_GATHER_INFO |
2004-11-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-03.nasl - Type : ACT_GATHER_INFO |
2004-10-25 | Name : The remote web server is affected by a local buffer overflow vulnerability. File : apache_mod_include_priv_escalation.nasl - Type : ACT_GATHER_INFO |
2004-10-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-21.nasl - Type : ACT_GATHER_INFO |
2004-10-17 | Name : The remote host is missing Sun Security Patch number 116973-07 File : solaris8_116973.nasl - Type : ACT_GATHER_INFO |
2004-10-17 | Name : The remote host is missing Sun Security Patch number 116974-07 File : solaris8_x86_116974.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200405-22.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-046.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113146-13 File : solaris9_113146.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114145-12 File : solaris9_x86_114145.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:48:45 |
|