Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-34
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 18 Sep 2008
Last revised: 18 Sep 2008

Package: httpd

Summary: Cross-site scripting (XSS) vulnerability

More information:
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server. Apache is also the most popular Web server on the Internet.

    Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module
    in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in
    Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary
    web script or HTML via a wildcard in the last directory component in the pathname
    in an FTP URI. (CVE-2008-2939)

Affected Products:
    - Turbolinux Client 2008
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal

<Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/httpd-2.2.6-10.src.rpm
      4776718 5b5cdcd203ced7cc9e5bdd190c0aa41d

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-2.2.6-10.i586.rpm
      1232148 3d67295de4fa3477b87755c905fce93f
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/httpd-devel-2.2.6-10.i586.rpm
       148740 3c4e55459b21d274f0a29df736fae492

<Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   httpd-2.2.6-10.src.rpm
      4776445 6fe54e202d38be1172e7ead5b6866691

   Binary Packages
   Size: MD5

   httpd-2.2.6-10.x86_64.rpm
      1249458 86daa821650cdaf21479572c0dd74e4c
   httpd-manual-2.2.6-10.x86_64.rpm
       859031 8913f45ff4d9361b7cac18d268ccae24
   httpd-rootsrv-2.2.6-10.x86_64.rpm
       230037 faf1d57f2ef3672fe63dd9b15f0fc4c8
   mod_ssl-2.2.6-10.x86_64.rpm
        89708 5a5ebccfe29ed2076643de0ce71eb250

<Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   httpd-2.2.6-10.src.rpm
      4776445 6fe54e202d38be1172e7ead5b6866691

   Binary Packages
   Size: MD5

   httpd-2.2.6-10.i686.rpm
      1177558 75f6c47cc25eccce3c87943d41746d53
   httpd-manual-2.2.6-10.i686.rpm
       858875 76d04221d155557759f5c8a208cc081b
   httpd-rootsrv-2.2.6-10.i686.rpm
       216647 7d7e002de353deb9947894e0317ed8e3
   mod_ssl-2.2.6-10.i686.rpm
        85565 3d9e5f9e8e7d64e469f00c8d219919f8

<Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-10.src.rpm
      4776445 6fe54e202d38be1172e7ead5b6866691

   Binary Packages
   Size: MD5

   httpd-2.2.6-10.x86_64.rpm
      1249458 86daa821650cdaf21479572c0dd74e4c
   httpd-devel-2.2.6-10.x86_64.rpm
       153169 f0cbf32797f2bff7194f51e9eae260c8
   httpd-manual-2.2.6-10.x86_64.rpm
       859031 8913f45ff4d9361b7cac18d268ccae24
   mod_ssl-2.2.6-10.x86_64.rpm
        89708 5a5ebccfe29ed2076643de0ce71eb250

<Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-10.src.rpm
      4776445 6fe54e202d38be1172e7ead5b6866691

   Binary Packages
   Size: MD5

   httpd-2.2.6-10.i686.rpm
      1177558 75f6c47cc25eccce3c87943d41746d53
   httpd-devel-2.2.6-10.i686.rpm
       153815 45b3045146fd0b71e32234fbf7234354
   httpd-manual-2.2.6-10.i686.rpm
       858875 76d04221d155557759f5c8a208cc081b
   mod_ssl-2.2.6-10.i686.rpm
        85565 3d9e5f9e8e7d64e469f00c8d219919f8

<Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   httpd-2.0.51-37.src.rpm
      6859863 a5fc776ad33967968604c0c09697bd0b

   Binary Packages
   Size: MD5

   httpd-2.0.51-37.i586.rpm
      1033210 2df72789c4eeb281407b090908f308a8
   httpd-devel-2.0.51-37.i586.rpm
       225599 39642f98e411cdc570d1709b4e8ec3e5
   httpd-manual-2.0.51-37.i586.rpm
      1133919 331ba82dfde87bbcf260b4a4daa8165c
   mod_bwshare-2.0.51-37.i586.rpm
        41830 0e5dc163c80325308002cd39dac3ab56
   mod_ssl-2.0.51-37.i586.rpm
        89774 dd58a30d3c8f2704e06b4adb57084636

<Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-23.src.rpm
      7625833 6da89085b3ef3767b60c55cf84305b29

   Binary Packages
   Size: MD5

   httpd-2.0.54-23.i686.rpm
      1266820 572764e31beac54e5f95603f9595251e
   httpd-devel-2.0.54-23.i686.rpm
       276783 536dce88edc52ccdf1076454b876987e

<Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-37.src.rpm
      6859863 86f2cb2c8069dc8f7e6a9013affa63de

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-37.x86_64.rpm
      1144126 ee207355cba106c32b3911688a471bef
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-37.x86_64.rpm
      3534454 5fea25ab4f67909850b5f73b7c2d70a6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-37.x86_64.rpm
       225621 6170d6d5d2035ac7a14f0ab1ce4eb804
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-37.x86_64.rpm
      1133835 4d207056a48e94fd3f92e9f59bfc8cec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-37.x86_64.rpm
        42563 c59c911bd4849689d67c5aaba1961a72
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-37.x86_64.rpm
        97411 1aad117df22a1c892474f5c776bc5630

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-37.src.rpm
      6859863 a5fc776ad33967968604c0c09697bd0b

   Binary Packages
   Size: MD5

   httpd-2.0.51-37.i586.rpm
      1033210 2df72789c4eeb281407b090908f308a8
   httpd-debug-2.0.51-37.i586.rpm
      3542082 fdbde072e9a85b2246167023f28bc694
   httpd-devel-2.0.51-37.i586.rpm
       225599 39642f98e411cdc570d1709b4e8ec3e5
   httpd-manual-2.0.51-37.i586.rpm
      1133919 331ba82dfde87bbcf260b4a4daa8165c
   mod_bwshare-2.0.51-37.i586.rpm
        41830 0e5dc163c80325308002cd39dac3ab56
   mod_ssl-2.0.51-37.i586.rpm
        89774 dd58a30d3c8f2704e06b4adb57084636

<Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-25.src.rpm
      6328038 f41706615f4c90774a269c472cebbe4f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-25.i586.rpm
       893308 aa1effc96d0cb0ae52a548d32b1cb63a

References:

CVE
   [CVE-2008-2939]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

--------------------------------------------------------------------------
Revision History
    18 Sep 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjSC+UACgkQK0LzjOqIJMzgJwCgieZt3RUmBOpef8PWPkE0EpSk
rtgAniq0r/+aCrW0cxWvRvGlQc556Jns
=2Msj
-----END PGP SIGNATURE-----