[CentOS] Apache patching questions

Wed Feb 22 10:42:48 UTC 2006
Karanbir Singh <mail-lists at karan.org>

U n d e r a c h i e v e r wrote:
> Hi
> 
> I'm using CentOS 3, and it's fully patched using yum. Apache reports version
> 2.0.46 (CentOS)
> 
> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server,
> and reported the following problems. The only one I've tested is the
> directory traversal, and it seems to be an issue. Will the upstream vendor
> patch these issues in Apache 2.0.46, or not? If not, does anyone know why
> not?
> 
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data
> into logfiles, which could pose a threat when logs are viewed/parsed.
> CAN-2003-0020. OSVDB-4382.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain
> input data. CAN-2004-0493. OSVDB-7269.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential
> infinite loop. CAN-2004-0748. OSVDB-9523.
> # 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below
> allow directory traversal with '/.../' entries.
> # Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote
> problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU
> # Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote
> problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion
> DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391.
> # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of
> authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218.
> 

That script seems to be a brain dead testing setup - it's just checking 
for the version numbers and not the vulns themselves. Can you actually 
recreate any of these exploits?

-- 
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
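
Added example, not part of the original thread: one way to follow up on a banner-only scan like the one quoted above is to pull the CAN/CVE ids out of the scanner output and look for them in the installed package's changelog (on the host: `rpm -q --changelog httpd`), since a distribution can ship fixes without changing the upstream version string. The function names and the sample scan and changelog text are constructed for illustration.

```shell
#!/bin/sh
# Added example: map scanner-reported CAN/CVE ids to a package changelog.
# On a real host the changelog text comes from:  rpm -q --changelog httpd

# Print the unique CAN-/CVE- ids found in scanner output on stdin.
extract_ids() {
    grep -oE '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_ids CHANGELOG_TEXT: for each id on stdin, report whether the
# changelog text names it. CAN-yyyy-nnnn and CVE-yyyy-nnnn are the same
# entry under the old and new prefix, so compare on the numeric part.
check_ids() {
    changelog=$1
    while read -r id; do
        num=${id#*-}    # strip the prefix, e.g. 2004-0493
        if printf '%s\n' "$changelog" |
            grep -qE "(CAN|CVE)-${num}([^0-9]|\$)"; then
            echo "$id named-in-changelog"
        else
            echo "$id not-named"
        fi
    done
}

# Constructed sample data (not real scanner or rpm output).
SAMPLE_SCAN='# Apache/2.0.46 (CentOS) - ... CAN-2004-0493. OSVDB-7269.
# Apache/2.0.46 (CentOS) - ... CAN-2004-0748. OSVDB-9523.
# Apache/2.0.46 (CentOS) - ... CAN-2004-0811. OSVDB-10218.'
SAMPLE_CHANGELOG='* (constructed date) (constructed packager)
- add security fix for CVE-2004-0493
- add security fix for CAN-2004-0748'

# Run the two steps over the constructed samples.
demo() {
    printf '%s\n' "$SAMPLE_SCAN" | extract_ids | check_ids "$SAMPLE_CHANGELOG"
}

demo
```

An id reported as not-named is only a prompt to check the vendor's advisories for that id; a changelog entry can describe a fix without citing the identifier.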