Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:068: apache Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the apache package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:068 (apache).
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27.
The first is regarding the use of shared memory (SHM) in Apache. A possible hacker
that is able to execute code as the UID of the webserver (typically 'apache') is
able to send arbitrary processes a USR1 signal as root. Using this
vulnerability, the attacker can also cause the Apache process to continously
span more children processes, thus causing a local DoS. Another vulnerability
was discovered by Matthew Murphy regarding a cross site scripting vulnerability
in the standard 404 error page. Finally, some buffer overflows were found in the
'ab' benchmark program that is included with Apache.
All of these vulnerabilities were fixed in Apache 1.3.27
the packages provided
have these fixes applied.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:068
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.