Anyone know how to see if UseCanonicalName is on or off by default? I am using Apache 1.3.26.
Thanks,
Roger

On Mon, 2002-11-04 at 10:26, Martin Schulze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 187-1                     [EMAIL PROTECTED]
> http://www.debian.org/security/                             Martin Schulze
> November 4th, 2002                      http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : apache
> Vulnerability  : several
> Problem-Type   : remote, local
> Debian-specific: no
> CVE Id         : CAN-2002-0839 CAN-2002-0840 CAN-2002-0843 CAN-2001-0131
>                  CAN-2002-1233
> BugTraq ID     : 5847 5884 5887
>
> According to David Wagner, iDEFENSE and the Apache HTTP Server
> Project, several remotely exploitable vulnerabilities have been found
> in the Apache package, a commonly used webserver.  These
> vulnerabilities could allow an attacker to enact a denial of service
> against a server or execute a cross scripting attack.  The Common
> Vulnerabilities and Exposures (CVE) project identified the following
> vulnerabilities:
>
> 1. CAN-2002-0839: A vulnerability exists on platforms using System V
>    shared memory based scoreboards.  This vulnerability allows an
>    attacker who can execute under the Apache UID to exploit the Apache
>    shared memory scoreboard format and send a signal to any process as
>    root or cause a local denial of service attack.
>
> 2. CAN-2002-0840: Apache is susceptible to a cross site scripting
>    vulnerability in the default 404 page of any web server hosted on a
>    domain that allows wildcard DNS lookups.
>
> 3. CAN-2002-0843: There were some possible overflows in the utility
>    ApacheBench (ab) which could be exploited by a malicious server.
>
> 4. CAN-2002-1233: A race condition in the htpasswd and htdigest
>    program enables a malicious local user to read or even modify the
>    contents of a password file or easily create and overwrite files as
>    the user running the htpasswd (or htdigest respectively) program.
>
> 5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and
>    others allows local users to overwrite arbitrary files via a
>    symlink attack.
>
>    This is the same vulnerability as CAN-2002-1233, which was fixed in
>    potato already but got lost later and was never applied upstream.
>
> 5. NO-CAN: Several buffer overflows have been found in the ApacheBench
>    (ab) utility that could be exploited by a remote server returning
>    very long strings.
>
> These problems have been fixed in version 1.3.26-0woody3 for the
> current stable distribution (woody) and in 1.3.9-14.3 for the old
> stable distribution (potato).  Corrected packages for the unstable
> distribution (sid) are expected soon.
>
> We recommend that you upgrade your Apache package immediately.
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
> These files will probably be moved into the stable distribution on
> its next revision.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [email protected]
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE9xpHAW5ql+IAeqTIRAt8hAJ42/48N32kah2xia3lS/jQqxj7LyACgiiOg
> fM0GFwvDUde7P+lv/L0Rg/E=
> =w6Iz
> -----END PGP SIGNATURE-----
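
One way to check which UseCanonicalName value is in effect, as asked at the top of this message. This is an added example, not part of the original post or of the Debian advisory. The function names `effective_ucn` and `sample_conf` and the example.org hosts are constructed for illustration, and the fallback to "on" for an unset directive is taken from the Apache 1.3 documentation, not from this page.

```shell
#!/bin/sh
# Added example (not from the post or the advisory). Reports the
# UseCanonicalName value in effect for the main server and each <VirtualHost>.
# Assumptions: an unset directive means the Apache 1.3 documented default "on";
# <IfModule>/<IfDefine> conditions are true; Include files and per-directory
# overrides (<Directory>, <Location>, .htaccess) are not evaluated.

effective_ucn() {   # usage: effective_ucn httpd.conf   (or config on stdin)
    awk '
    BEGIN { cur = 0; label[0] = "main"; n = 1; depth = 0 }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); low = tolower($0) }
    low == "" || low ~ /^#/ { next }
    low ~ /^<\/?if/ { next }                     # transparent wrappers
    low ~ /^<virtualhost[ \t]/ { cur = n++; label[cur] = "vhost " cur; next }
    low ~ /^<\/virtualhost/ { cur = 0; next }
    low ~ /^<\// { if (depth > 0) depth--; next }
    low ~ /^</ { depth++; next }                 # Directory, Location, Files
    depth > 0 { next }                           # scoped to a directory
    tolower($1) == "servername" && cur > 0 { label[cur] = "vhost " $2 }
    tolower($1) == "usecanonicalname" { val[cur] = tolower($2) }
    END {
        for (i = 0; i < n; i++) {
            if (i in val) print label[i], val[i], "(set in file)"
            else if (i > 0 && (0 in val)) print label[i], val[0], "(inherited from main)"
            else print label[i], "on", "(compiled-in default)"
        }
    }' "$@"
}

sample_conf() {     # constructed sample configuration, not a real server
    cat <<'EOF'
ServerName www.example.org
UseCanonicalName Off
<Directory /var/www>
    UseCanonicalName On
</Directory>
<VirtualHost *>
    ServerName a.example.org
</VirtualHost>
<VirtualHost *>
    ServerName b.example.org
    usecanonicalname DNS
</VirtualHost>
EOF
}

if [ "$#" -gt 0 ]; then effective_ucn "$1"; else sample_conf | effective_ucn; fi
```

Run it with the path to your own httpd.conf as the first argument; with no argument it evaluates the constructed sample.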

