drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in httpd
Name: |
Mangelnde Rechteprüfung in httpd |
|
ID: |
TLSA-2009-19 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux Client 2008, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition |
|
Datum: |
Fr, 19. Juni 2009, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 |
|
Applikationen: |
Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2009-19 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 18 Jun 2009 Last revised: 18 Jun 2009
Package: httpd
Summary: Apache AllowOverride Options vulnerability
More information: Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. (CVE-2009-1195)
Affected Products: - Turbolinux Client 2008 - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server
<Turbolinux Client 2008>
Source Packages Size: MD5
httpd-2.2.6-12.src.rpm 4778682 a71af7baf50503e2149ea50c927f5819
Binary Packages Size: MD5
httpd-2.2.6-12.i586.rpm 1232309 ef40915bffc6b5b33f6de46f5ad8c908 httpd-devel-2.2.6-12.i586.rpm 148835 095020982d238737fe7647c54f6a7c57
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-12.src.rpm 4788001 fb62e5ed3761a26fc5ccca09f6c7a88e
Binary Packages Size: MD5
httpd-2.2.6-12.x86_64.rpm 1250912 bed00a2f21a64a15852081f6bebb5e20 httpd-manual-2.2.6-12.x86_64.rpm 858395 9430b16e261856dcf8c15ba3f08364c1 httpd-rootsrv-2.2.6-12.x86_64.rpm 230075 e3acbfe5be8c419ce1c484cf3529dd34 mod_ssl-2.2.6-12.x86_64.rpm 89910 67419a062e5cfb03dd8c429a175e651c
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
httpd-2.2.6-12.src.rpm 4788001 fb62e5ed3761a26fc5ccca09f6c7a88e
Binary Packages Size: MD5
httpd-2.2.6-12.i686.rpm 1177904 7fc53494aca957696aa5c028fd70f587 httpd-manual-2.2.6-12.i686.rpm 859059 9e747e6f6980624867661c8390922f2c httpd-rootsrv-2.2.6-12.i686.rpm 217505 07482120e02750c254507b87a9affd26 mod_ssl-2.2.6-12.i686.rpm 85514 008eb2994d8aab3584203d0debb08627
<Turbolinux 11 Server x64 Edition>
Source Packages Size: MD5
httpd-2.2.6-12.src.rpm 4788001 fb62e5ed3761a26fc5ccca09f6c7a88e
Binary Packages Size: MD5
httpd-2.2.6-12.x86_64.rpm 1250912 bed00a2f21a64a15852081f6bebb5e20 httpd-devel-2.2.6-12.x86_64.rpm 153666 63ef0ce4b7bc36f44022d3bee89766b2 httpd-manual-2.2.6-12.x86_64.rpm 858395 9430b16e261856dcf8c15ba3f08364c1 mod_ssl-2.2.6-12.x86_64.rpm 89910 67419a062e5cfb03dd8c429a175e651c
<Turbolinux 11 Server>
Source Packages Size: MD5
httpd-2.2.6-12.src.rpm 4788001 fb62e5ed3761a26fc5ccca09f6c7a88e
Binary Packages Size: MD5
httpd-2.2.6-12.i686.rpm 1177904 7fc53494aca957696aa5c028fd70f587 httpd-devel-2.2.6-12.i686.rpm 153718 caa746043b57ab76451aae8251246369 httpd-manual-2.2.6-12.i686.rpm 859059 9e747e6f6980624867661c8390922f2c mod_ssl-2.2.6-12.i686.rpm 85514 008eb2994d8aab3584203d0debb08627
References:
CVE [CVE-2009-1195] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
-------------------------------------------------------------------------- Revision History 18 Jun 2009 Initial release --------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux)
iEYEARECAAYFAko55v0ACgkQK0LzjOqIJMz+HwCgoFK9k6eYRtbMlz29zLEl2KQP elgAnieFtoj96L9s1Ai3jfPYjme4pGP0 =Tld3 -----END PGP SIGNATURE-----
|
|
|
|