Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Several vulnerabilities were discovered in Apache 2.x versions prior
to 2.0.47. From the Apache 2.0.47 release notes :

Certain sequences of per-directory renegotiations and the
SSLCipherSuite directive being used to upgrade from a weak ciphersuite
to a strong one could result in the weak ciphersuite being used in
place of the new one (CVE-2003-0192).

Certain errors returned by accept() on rarely accessed ports could
cause temporary Denial of Service due to a bug in the prefork MPM
(CVE-2003-0253).

Denial of Service was caused when the target host is IPv6 but the FTP
proxy server can't create an IPv6 socket (CVE-2003-0254).

The server would crash when going into an infinite loop due to too
many subsequent internal redirects and nested subrequests (VU#379828).

The Apache Software Foundation thanks Saheed Akhtar and Yoshioka
Tsuneo for responsibly reporting these issues.

To upgrade these apache packages, first stop Apache by issuing, as
root :

service httpd stop

After the upgrade, restart Apache with :

service httpd start

Update :

The previously released packages had a manpage conflict between
apache2-common and apache-1.3 that prevented both packages from being
installed at the same time. This update provides a fixed
apache2-common package.

See also :

http://marc.info/?l=bugtraq&m=105259038503175

Solution :

Update the affected apache2-common package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14058 (mandrake_MDKSA-2003-075.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0192, CVE-2003-0253, CVE-2003-0254
