Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64774
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-802-2 (apache2)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to apache2
announced via advisory USN-802-2.

Details follow:

USN-802-1 fixed vulnerabilities in Apache. The upstream fix for
CVE-2009-1891 introduced a regression that would cause Apache children to
occasionally segfault when mod_deflate is used. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that mod_proxy_http did not properly handle a large
amount of streamed data when used as a reverse proxy. A remote attacker
could exploit this and cause a denial of service via memory resource
consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
(CVE-2009-1890)

It was discovered that mod_deflate did not abort compressing large files
when the connection was closed. A remote attacker could exploit this and
cause a denial of service via CPU resource consumption. (CVE-2009-1891)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.8
apache2-mpm-perchild 2.0.55-4ubuntu2.8
apache2-mpm-prefork 2.0.55-4ubuntu2.8
apache2-mpm-worker 2.0.55-4ubuntu2.8
libapr0 2.0.55-4ubuntu2.8

Ubuntu 8.04 LTS:
apache2-mpm-event 2.2.8-1ubuntu0.11
apache2-mpm-perchild 2.2.8-1ubuntu0.11
apache2-mpm-prefork 2.2.8-1ubuntu0.11
apache2-mpm-worker 2.2.8-1ubuntu0.11
apache2.2-common 2.2.8-1ubuntu0.11

Ubuntu 8.10:
apache2-mpm-event 2.2.9-7ubuntu3.3
apache2-mpm-prefork 2.2.9-7ubuntu3.3
apache2-mpm-worker 2.2.9-7ubuntu3.3
apache2.2-common 2.2.9-7ubuntu3.3

Ubuntu 9.04:
apache2-mpm-event 2.2.11-2ubuntu2.3
apache2-mpm-prefork 2.2.11-2ubuntu2.3
apache2-mpm-worker 2.2.11-2ubuntu2.3
apache2.2-common 2.2.11-2ubuntu2.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-802-2

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1891
AIX APAR: PK91361
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361
AIX APAR: PK99480
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Bugtraq: 20091113 rPSA-2009-0142-2 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/507857/100/0/threaded
Debian Security Information: DSA-1834 (Google Search)
http://www.debian.org/security/2009/dsa-1834
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://security.gentoo.org/glsa/glsa-200907-04.xml
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090208
HPdes Security Advisory: SSRT100345
http://www.mandriva.com/security/advisories?name=MDVSA-2009:149
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712
http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2
http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
http://osvdb.org/55782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248
RedHat Security Advisories: RHSA-2009:1148
https://rhn.redhat.com/errata/RHSA-2009-1148.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://www.securitytracker.com/id?1022529
http://secunia.com/advisories/35721
http://secunia.com/advisories/35781
http://secunia.com/advisories/35793
http://secunia.com/advisories/35865
http://secunia.com/advisories/37152
http://secunia.com/advisories/37221
SuSE Security Announcement: SUSE-SA:2009:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://www.ubuntu.com/usn/USN-802-1
http://www.vupen.com/english/advisories/2009/1841
http://www.vupen.com/english/advisories/2009/3184
Common Vulnerability Exposure (CVE) ID: CVE-2009-1890
AIX APAR: PK91259
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91259
BugTraq ID: 35565
http://www.securityfocus.com/bid/35565
Bugtraq: 20091112 rPSA-2009-0142-1 httpd mod_ssl (Google Search)
http://www.securityfocus.com/archive/1/507852/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://osvdb.org/55553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8616
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403
http://www.securitytracker.com/id?1022509
http://secunia.com/advisories/35691
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.