Highly critical update for Mandrake Linux 9

Nomad559

(1000+ posts) Send PM | Profile | Ignore

Wed Jun-30-04 11:09 AM
Original message

Highly critical update for Mandrake Linux 9

http://secunia.com/advisories/11968

Mandrake Linux 9.x
Mandrake Corporate Server 2.x

MandrakeSoft has issued an update for apache. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Georgi Guninski has discovered a vulnerability in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the Apache mod_proxy module. This can be exploited to cause a heap-based buffer overflow by passing a "Content-Length:" header containing a large negative value.

Successful exploitation may reportedly crash the child process and potentially allow code execution on some BSD systems, if an Apache server, which is configured as a proxy, connects to a malicious site.

The vulnerability affects versions 1.3.31, 1.3.29, 1.3.28, 1.3.27, and 1.3.26

Printer Friendly | Permalink | | Top

Commie Pinko Dirtbag

(1000+ posts) Send PM | Profile | Ignore

Wed Jun-30-04 11:13 AM
Response to Original message

1. Thankfully not many people use that --- most use Squid instead

Edited on Wed Jun-30-04 11:14 AM by JCCyC

By the way, notice how the (much fewer) holes in Linux and other Free and Open Source software are found and fixed BEFORE exploits are in the wild, not after. Unlike some others whose security appears to be Small And Not Hard (if you catch my drift).

Edit: typos

Printer Friendly | Permalink | | Top

Nomad559

(1000+ posts) Send PM | Profile | Ignore

Wed Jun-30-04 11:53 AM
Response to Reply #1

2. Squid

ALL Highly critical

2004-06-09
http://secunia.com/advisories/11804

2004-06-17
http://secunia.com/advisories/11889

2004-06-10
http://secunia.com/advisories/11838

2004-06-10
http://secunia.com/advisories/11819

2004-06-10
http://secunia.com/advisories/11831

2004-06-10
http://secunia.com/advisories/11816

How many patches did Windows XP need this Month? ... Zero

Printer Friendly | Permalink | | Top

Commie Pinko Dirtbag

(1000+ posts) Send PM | Profile | Ignore

Wed Jun-30-04 01:15 PM
Response to Reply #2

3. I thought IE was part of Windows?

http://www.us-cert.gov/cas/alerts/SA04-163A.html
http://secunia.com/advisories/11966/

Could search for more but I'm a lazy SOB. So much for "zero patches needed this month". Unless you live in New Zealand and July already started for you... then this may be true... for a few days at most... :evilgrin:

Printer Friendly | Permalink | | Top

Commie Pinko Dirtbag

(1000+ posts) Send PM | Profile | Ignore

Wed Jun-30-04 01:28 PM
Response to Reply #2

4. HEY wait a second! ALL of these links are for the SAME fix!

Edited on Wed Jun-30-04 01:29 PM by JCCyC

Each of them advertises one Linux distribution's updated packages for THE SAME vulnerability! Tsk tsk. Tricky tricky!

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Tue Apr 23rd 2024, 02:35 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.