RHEL 2.1 : apache, mod_ssl (RHSA-2004:600)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated apache and mod_ssl packages that fix various minor security
issues and bugs in the Apache Web server are now available for Red Hat
Enterprise Linux 2.1.

The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The mod_ssl module provides strong
cryptography for the Apache Web server via the Secure Sockets Layer
(SSL) and Transport Layer Security (TLS) protocols.

A buffer overflow was discovered in the mod_include module. This flaw
could allow a local user who is authorized to create server-side
include (SSI) files to gain the privileges of a httpd child (user
'apache'). The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0940 to this issue.

The mod_digest module does not properly verify the nonce of a client
response by using a AuthNonce secret. This could allow a malicious
user who is able to sniff network traffic to conduct a replay attack
against a website using Digest protection. Note that mod_digest
implements an older version of the MD5 Digest Authentication
specification, which is known not to work with modern browsers. This
issue does not affect mod_auth_digest. (CVE-2003-0987).

An issue has been discovered in the mod_ssl module when configured to
use the 'SSLCipherSuite' directive in a directory or location context.
If a particular location context has been configured to require a
specific set of cipher suites, then a client is able to access that
location using any cipher suite allowed by the virtual host
configuration. (CVE-2004-0885).

Several bugs in mod_ssl were also discovered, including :

- memory leaks in SSL variable handling

- possible crashes in the dbm and shmht session caches

Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should
upgrade to these erratum packages, which contains Apache version
1.3.27 with backported patches correcting these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0987.html
https://www.redhat.com/security/data/cve/CVE-2004-0885.html
https://www.redhat.com/security/data/cve/CVE-2004-0940.html
http://rhn.redhat.com/errata/RHSA-2004-600.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 15960 ()

Bugtraq ID:

CVE ID: CVE-2003-0987
CVE-2004-0885
CVE-2004-0940