Mandrake Linux Security Advisory : apache2 (MDKSA-2003:075-1)

Medium Nessus Plugin ID 14058


The remote Mandrake Linux host is missing a security update.


Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes :

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the new one (CVE-2003-0192).

Certain errors returned by accept() on rarely accessed ports could cause temporary Denial of Service due to a bug in the prefork MPM (CVE-2003-0253).

Denial of Service was caused when target host is IPv6 but FTP proxy server can't create IPv6 socket (CVE-2003-0254).

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests (VU#379828).

The Apache Software Foundation thanks Saheed Akhtar and Yoshioka Tsuneo for responsibly reporting these issues.

To upgrade these apache packages, first stop Apache by issuing, as root :

service httpd stop

After the upgrade, restart Apache with :

service httpd start

Update :

The previously released packages had a manpage conflict between apache2-common and apache-1.3 that prevented both packages from being installed at the same time. This update provides a fixed apache2-common package.


Update the affected apache2-common package.

See Also

Plugin Details

Severity: Medium

ID: 14058

File Name: mandrake_MDKSA-2003-075.nasl

Version: $Revision: 1.21 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:apache2-common, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/08/28

Reference Information

CVE: CVE-2003-0192, CVE-2003-0253, CVE-2003-0254

CERT: 379828

MDKSA: 2003:075-1