Overview
The default installation of Apache on MandrakeSoft Mandrake Linux configures an instance of the server to run apache-mod_perl listening on port 8200/tcp.
Description
MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default installation of Apache on Mandrake Linux configures apache-mod_perl to listen on port 8200/tcp. Requests made to the main web server for directories containing Perl programs are proxied internally by Apache to the apache-mod_perl service running on port 8200/tcp. This configuration is called ProxyPass as referenced in Apache's mod_perl performance tuning document. Although all Apache servers on a system share configuration information contained in /etc/httpd/conf/commonhttpd.conf, it is possible that security settings between the two servers are different, and administrators may not expect apache-mod_perl running on port 8200/tcp |
Impact
Administrators may not be aware that an HTTPD service is listening on 8200/tcp. Also, it is possible that the security settings for the service on 8200/tcp differ from the service running on 80/tcp. |
Solution
Install Updated Package Install an updated Apache package when available. |
|
Vendor Information
MandrakeSoft Affected
Notified: September 26, 2001 Updated: December 05, 2001
Status
Affected
Vendor Statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: apache
Date: November 27th, 2001
Original Advisory Date: September 18th, 2001
Advisory ID: MDKSA-2001:077-1
Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1
________________________________________________________________________
Problem Description:
A problem exists with all Apache servers prior to version 1.3.19. The
vulnerablity could allow directory indexing and path discovery on the
vulnerable servers with a custom crafted request consisting of a long
path name created artificially by using numerous slashes. This can
cause modules to misbehave and return a listing of the directory
contents by avoiding the error page.
Another vulnerability found by Procheckup (www.procheckup.com) was
that all directories, by default, were configured as browseable so
an attacker could list all files in the targeted directories. As
well, Procheckup found that the perl-proxy/management software on
port 8200 would supply dangerous information to attackers due to
a perl status script that was enabled. We have disabled directory
browsing by default and have disabled the perl status scripts.
Update:
The previous updates for 7.2 had some problems with mod_perl
segfaulting and with mod_ssl under 7.1. As well, ApacheJServ was not
included for 7.2 and 8.0.
Other security fixes were introduced in Apache 1.3.22. A vulnerability
in the split-logfile support program would allow any file with a .log
extension on the system to be written to due to a specially crafted
Host: header.
This update provides Apache 1.3.22 for all supported platforms, and
the packages for 7.1, 7.2, and Corporate Server 1.0.1 now use the
same modular design as 8.0 and later versions. You will be unable to
safely upgrade these packages and will need to take a few very
important manual steps to ensure a proper upgrade (this is only
applicable to 7.2 and earlier distributions; this is not required for
8.0 and later):
1) Stop apache (service httpd stop)
2) Completely backup /etc/httpd/conf/*
3) Backup /var/log/httpd (the uninstall scripts of the previous
apache versions may remove the log files)
4) Remove the currently installed apache, mod_perl, mod_ssl, and php
packages from the system. You can do this using:
urpme apache; urpme php
or (if you are using 7.2):
urpme apache-common; urpme php
5) Upgrade mm/mm-devel and (if you are upgrading 7.1 or Corporate
Server) the new perl packages
6) Install the download upgrade packages of apache components using
"rpm -ivh *.rpm"
7) Restore your /var/log/httpd backup
8) Merge your configuration backups with the new config files (most
notably you will need to edit commonhttpd.conf)
9) Start apache (service httpd start)
This update also introduces PHP 4.0.6 to Linux-Mandrake 7.1, 7.2, and
Corporate Server.
________________________________________________________________________
References:
http://www.securityfocus.com/bid/2503
http://bugs.apache.org/index.cgi/full/7848
http://www.apacheweek.com/issues/01-09-28#security
http://www.securityfocus.com/bid/3009
http://www.procheckup.com/vulnerabilities/pr0107.html
________________________________________________________________________
Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.
Linux-Mandrake 7.1:
a0c74b9f69ad117df32f94a44e08369d 7.1/RPMS/HTML-Embperl-1.3.22_1.3.3-1.4mdk.i586.rpm
a26976127fd8d6285857c7bdb404b056 7.1/RPMS/apache-1.3.22-1.4mdk.i586.rpm
ecf3c8ff4330e3b5f557f23e7335c58d 7.1/RPMS/apache-common-1.3.22-1.4mdk.i586.rpm
98db2dff731d5bfa36deda9007f49a75 7.1/RPMS/apache-conf-1.3.22-1.4mdk.i586.rpm
3d77b52f1f66b640c2cafe24d3dc00e3 7.1/RPMS/apache-devel-1.3.22-1.4mdk.i586.rpm
1f79ad246098b463aa7f06c46aacef50 7.1/RPMS/apache-manual-1.3.22-1.4mdk.i586.rpm
f27a75a23fc49cf367b1920e6adb2eea 7.1/RPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.i586.rpm
96f81f246aeb359c5e3840df4f5291e5 7.1/RPMS/apache-modules-1.3.22-1.4mdk.i586.rpm
4ddb0422c7c4132303986ac4e4604b68 7.1/RPMS/apache-source-1.3.22-1.4mdk.i586.rpm
d498e15cf630a20200ef9c44628cbcbe 7.1/RPMS/apache-suexec-1.3.22-1.4mdk.i586.rpm
656ab9df6cf8390e68af9e9ceab1b99e 7.1/RPMS/mm-1.1.3-8.1mdk.i586.rpm
aacc6cc46078cf0ff77af06693484b9a 7.1/RPMS/mm-devel-1.1.3-8.1mdk.i586.rpm
b44090cf5650f623ddca48cf1d16d768 7.1/RPMS/mod_perl-common-1.3.22_1.25_01-1.4mdk.i586.rpm
db5afc42b3a3cf496b8ff34bb1d8dbd4 7.1/RPMS/mod_perl-devel-1.3.22_1.25_01-1.4mdk.i586.rpm
3bebfdfba378ffd53217ae1c921a0ba4 7.1/RPMS/mod_php-4.0.6-5.1mdk.i586.rpm
d45009a853fac9ed14a5aefe7343274c 7.1/RPMS/mod_ssl-2.8.5-1.4mdk.i586.rpm
7d6bc0c02175a89d82868f9c90b14c03 7.1/RPMS/mod_sxnet-1.2.4-1.4mdk.i586.rpm
81ac490000934a9b563af2f1f300d00e 7.1/RPMS/perl-5.600-17mdk.i586.rpm
e9cc54bdd262fb04f8898a4b2b4c5dbf 7.1/RPMS/perl-base-5.600-17mdk.i586.rpm
d67e860357ba7e4b539febd73067614f 7.1/RPMS/perl-devel-5.600-17mdk.i586.rpm
4bd07a25bc52e054bbbf0cc7ee487b20 7.1/RPMS/php-4.0.6-5.1mdk.i586.rpm
f258835ad065fa5b0ccb5ae200909bd2 7.1/RPMS/php-common-4.0.6-5.1mdk.i586.rpm
412fd9e43315da1639705fc938610721 7.1/RPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.i586.rpm
80e54093258c0ad73448c2fa304fd44e 7.1/RPMS/php-devel-4.0.6-5.1mdk.i586.rpm
f71c43dd49265c3ff19285705b4917f7 7.1/RPMS/php-gd-4.0.6-2.1mdk.i586.rpm
e2a8512f05f092490ba55bba23099931 7.1/RPMS/php-imap-4.0.6-2.1mdk.i586.rpm
73b085e96f3626ea900e2db04b216447 7.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm
339b190be55a37cc339ac74890eeca09 7.1/RPMS/php-manual_en-4.0.6-1.1mdk.i586.rpm
6fd7c59d5eb7923cbaa41941e6d60639 7.1/RPMS/php-mysql-4.0.6-3.1mdk.i586.rpm
ca9b50b2607cc74290dff5059679b3ee 7.1/RPMS/php-pgsql-4.0.6-3.1mdk.i586.rpm
b3ef0ae443fa565cea495540e8f3a2f9 7.1/RPMS/php-readline-4.0.6-2.1mdk.i586.rpm
e88d8db2d3eb08a9ba5d734ba70afea5 7.1/SRPMS/apache-1.3.22-1.4mdk.src.rpm
1f10d0440606e3fa12162ef7d90445e9 7.1/SRPMS/apache-conf-1.3.22-1.4mdk.src.rpm
520f1bbfb86bbc821dbbead04acb21f8 7.1/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.src.rpm
8907e70b755a10ec3373cefbd5ba2f06 7.1/SRPMS/mm-1.1.3-8.1mdk.src.rpm
776d3967170249f7b9f6e834247dab9b 7.1/SRPMS/mod_php-4.0.6-5.1mdk.src.rpm
95b0e84c9959ce648d0d32a2429bb446 7.1/SRPMS/mod_ssl-2.8.5-1.4mdk.src.rpm
ea836a7af8a82d466d7e44bc8672d36a 7.1/SRPMS/mod_sxnet-1.2.4-1.4mdk.src.rpm
0734fd60f0c0e240b75cac1d2aeeca0b 7.1/SRPMS/perl-5.600-17mdk.src.rpm
fb3721213ead8f4203e75bbca0f1a6fb 7.1/SRPMS/php-4.0.6-5.1mdk.src.rpm
66206da40ebfbbae1dee8b827a452f6c 7.1/SRPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.src.rpm
96e6b5b2e3bc0e80cb4b0dddfbb6d625 7.1/SRPMS/php-gd-4.0.6-2.1mdk.src.rpm
cad47e6fc08748e0df4906bebc405488 7.1/SRPMS/php-imap-4.0.6-2.1mdk.src.rpm
206ca1678d9a2f6b8133ee321e2a948f 7.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm
d7e5c28911385fe0d571f72d4f8d887e 7.1/SRPMS/php-manual_en-4.0.6-1.1mdk.src.rpm
6c06362fc536f070f8fd9a9784c1dcac 7.1/SRPMS/php-mysql-4.0.6-3.1mdk.src.rpm
7fa7e174ef947b6c9dfb623fa28f6fd0 7.1/SRPMS/php-pgsql-4.0.6-3.1mdk.src.rpm
01b22613672059703e681dd5c004e3f6 7.1/SRPMS/php-readline-4.0.6-2.1mdk.src.rpm
Linux-Mandrake 7.2:
801122cf689e7eb01e7766972bbd9e77 7.2/RPMS/ApacheJServ-1.1.2-6.2mdk.i586.rpm
a66ab3c6031cfd0c308d56f4e1f584fb 7.2/RPMS/HTML-Embperl-1.3.22_1.3.3-1.3mdk.i586.rpm
f734630ab88911363b4512bfe5ff945a 7.2/RPMS/apache-1.3.22-1.3mdk.i586.rpm
9c4a404cb9463b9a8b9dbf35367c1b2d 7.2/RPMS/apache-common-1.3.22-1.3mdk.i586.rpm
709620bd7fe0a05f58d14d3c59071707 7.2/RPMS/apache-conf-1.3.22-1.3mdk.i586.rpm
5d45f160a65c184e0b2becfa32599082 7.2/RPMS/apache-devel-1.3.22-1.3mdk.i586.rpm
aff009a002b12c839deac63be8c978d2 7.2/RPMS/apache-manual-1.3.22-1.3mdk.i586.rpm
5f14f8ed47f3bb77610c139659822bca 7.2/RPMS/apache-mod_perl-1.3.22_1.25_01-1.3mdk.i586.rpm
61a009c24a350c340777b2aa807287e2 7.2/RPMS/apache-modules-1.3.22-1.3mdk.i586.rpm
fa5319fcad355bbd068021dadfd3b46b 7.2/RPMS/apache-source-1.3.22-1.3mdk.i586.rpm
439f559d1758f7243ab5c198f6c7a9e9 7.2/RPMS/apache-suexec-1.3.22-1.3mdk.i586.rpm
55e269403950e662d1e7d8678caa2167 7.2/RPMS/mm-1.1.3-8.2mdk.i586.rpm
3cc975f6329fd90d4a5ba4b73d02ced5 7.2/RPMS/mm-devel-1.1.3-8.2mdk.i586.rpm
d3abee4610ab4c9e19d5a9c6024c2d38 7.2/RPMS/mod_perl-common-1.3.22_1.25_01-1.3mdk.i586.rpm
490c01caf911d38cd4d8103a6474614f 7.2/RPMS/mod_perl-devel-1.3.22_1.25_01-1.3mdk.i586.rpm
9b5b8ac2534ea2ed44c2f89b0c73f8ba 7.2/RPMS/mod_php-4.0.6-5.2mdk.i586.rpm
fb287d6b5ab738136945e6ab6f4299e6 7.2/RPMS/mod_ssl-2.8.5-1.3mdk.i586.rpm
00f20cf1ee73c9145446084d86e10916 7.2/RPMS/mod_sxnet-1.2.4-1.3mdk.i586.rpm
24d60a91811067c18ae1c01aa52f8a42 7.2/RPMS/php-4.0.6-5.2mdk.i586.rpm
227d743023186b863fa59ef24e298014 7.2/RPMS/php-common-4.0.6-5.2mdk.i586.rpm
1d9f297b464f09e8aebadbddfc21415c 7.2/RPMS/php-dba_gdbm_db2-4.0.6-4.2mdk.i586.rpm
fc0909e1515aa614e2866e9bd18cc5e9 7.2/RPMS/php-devel-4.0.6-5.2mdk.i586.rpm
8ae34cca1880ac0c9dd0be74d31afd27 7.2/RPMS/php-gd-4.0.6-2.2mdk.i586.rpm
b6563e59388d61f9df14b77ac0cf9366 7.2/RPMS/php-imap-4.0.6-2.2mdk.i586.rpm
dda2a9cb09eea792c0dc37027b41bd32 7.2/RPMS/php-ldap-4.0.6-3.2mdk.i586.rpm
b7bdcd81a3988798181452a3c31478bc 7.2/RPMS/php-manual_en-4.0.6-1.2mdk.i586.rpm
45be15de48bdc7e8d06f3a1e6532044a 7.2/RPMS/php-mysql-4.0.6-3.2mdk.i586.rpm
d543cd0288e7a1227580fffbff80bc3f 7.2/RPMS/php-pgsql-4.0.6-3.2mdk.i586.rpm
c8850f691ca2d7c75048aa22609da06a 7.2/RPMS/php-readline-4.0.6-2.2mdk.i586.rpm
5878420df174676faaab784a8259c02d 7.2/SRPMS/ApacheJServ-1.1.2-6.2mdk.src.rpm
6480f176f7c1cc4f74701963d37272cf 7.2/SRPMS/apache-1.3.22-1.3mdk.src.rpm
2169c578e60c7e7f277dff53b213b09e 7.2/SRPMS/apache-conf-1.3.22-1.3mdk.src.rpm
6cb19bd40d3ae97ecdbb46c8f88983aa 7.2/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.3mdk.src.rpm
546c1784c586b928cea91e4a09812209 7.2/SRPMS/mm-1.1.3-8.2mdk.src.rpm
2ed3f78b4718e58575f4dac14d88799a 7.2/SRPMS/mod_php-4.0.6-5.2mdk.src.rpm
5faf69691ee6855038599d3e125af406 7.2/SRPMS/mod_ssl-2.8.5-1.3mdk.src.rpm
f9f390b0f4c58c205d563911ddfda422 7.2/SRPMS/mod_sxnet-1.2.4-1.3mdk.src.rpm
b682a69cbaf5e5643748e8440bc7771c 7.2/SRPMS/php-4.0.6-5.2mdk.src.rpm
cdb51abb201c505862564efdc845403b 7.2/SRPMS/php-dba_gdbm_db2-4.0.6-4.2mdk.src.rpm
ee2cc2f1bd3cdb57fdcf621010233475 7.2/SRPMS/php-gd-4.0.6-2.2mdk.src.rpm
bde017f5772953831291fdc5589f5a32 7.2/SRPMS/php-imap-4.0.6-2.2mdk.src.rpm
f16fd04629e75090d97f4d9f0a861435 7.2/SRPMS/php-ldap-4.0.6-3.2mdk.src.rpm
6e3ce91674a3fa179e0b5cbf3ec6b4d6 7.2/SRPMS/php-manual_en-4.0.6-1.2mdk.src.rpm
58cff799b1a226ed194b49337a98b935 7.2/SRPMS/php-mysql-4.0.6-3.2mdk.src.rpm
a29ba3759128da2ecc4a6ef2b5fec091 7.2/SRPMS/php-pgsql-4.0.6-3.2mdk.src.rpm
545d6c2866406a557f7ff86cd701397f 7.2/SRPMS/php-readline-4.0.6-2.2mdk.src.rpm
Mandrake Linux 8.0:
fe143a1dbf0859cea63d6c58609c7662 8.0/RPMS/ApacheJServ-1.1.2-6.3mdk.i586.rpm
3fac1685955e659b8518ded546d2d04b 8.0/RPMS/HTML-Embperl-1.3.22_1.3.3-1.2mdk.i586.rpm
cf5dda6f0ed91a1459bd1fb031ea336b 8.0/RPMS/apache-1.3.22-1.2mdk.i586.rpm
ae468745a38484cbe54648415f413934 8.0/RPMS/apache-common-1.3.22-1.2mdk.i586.rpm
a0ce3a665fdbf577c38928fea2acff08 8.0/RPMS/apache-conf-1.3.22-1.2mdk.i586.rpm
0762398b203d68e39be433978e9f6b35 8.0/RPMS/apache-devel-1.3.22-1.2mdk.i586.rpm
74884229bf9da460e2e38f9479dcd3de 8.0/RPMS/apache-manual-1.3.22-1.2mdk.i586.rpm
9d24b0449c251111990c641161daf0b9 8.0/RPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.i586.rpm
10751958ee0792d4cba523f56c04297a 8.0/RPMS/apache-modules-1.3.22-1.2mdk.i586.rpm
e70c94d028c64d87eb7babefebcecae4 8.0/RPMS/apache-source-1.3.22-1.2mdk.i586.rpm
7bf73fbe5c942f345d47273bc56e39e4 8.0/RPMS/apache-suexec-1.3.22-1.2mdk.i586.rpm
47ea80c0f1c55e76ac943c20dc6030a3 8.0/RPMS/mod_frontpage-1.5.1-5.2mdk.i586.rpm
2ff1581456a758999a6e60546e11c4ee 8.0/RPMS/mod_perl-common-1.3.22_1.25_01-1.2mdk.i586.rpm
f63912bd18764c9f1970acdb47622f2d 8.0/RPMS/mod_perl-devel-1.3.22_1.25_01-1.2mdk.i586.rpm
bf919188b77bd6e82eec229707839abb 8.0/RPMS/mod_php-4.0.6-3.2mdk.i586.rpm
542cdc4d7876f03374a4545653bb8141 8.0/RPMS/mod_ssl-2.8.5-1.2mdk.i586.rpm
84e812c6278b3dd7cc40a76eb96c2a01 8.0/RPMS/mod_sxnet-1.2.4-1.2mdk.i586.rpm
17559ce3c7c92441da5d342e92ae552d 8.0/SRPMS/ApacheJServ-1.1.2-6.3mdk.src.rpm
c6032d96a2d5cd09b969f6fe6da9ce1b 8.0/SRPMS/apache-1.3.22-1.2mdk.src.rpm
83179487059a65dc2d5afd281a9b9af5 8.0/SRPMS/apache-conf-1.3.22-1.2mdk.src.rpm
123e12b8e2d179f1ebefaa9a7149c497 8.0/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.src.rpm
0f89aa1741c44814d3291813a92d7915 8.0/SRPMS/mod_frontpage-1.5.1-5.2mdk.src.rpm
dc927153d4430bc09a0173fb65c74867 8.0/SRPMS/mod_php-4.0.6-3.2mdk.src.rpm
6f3829348e2eb94680b93876bdb4ebca 8.0/SRPMS/mod_ssl-2.8.5-1.2mdk.src.rpm
70036be62dec65cd78777dc638e87866 8.0/SRPMS/mod_sxnet-1.2.4-1.2mdk.src.rpm
Mandrake Linux 8.0 (PPC):
e571c1875eb9497bbf3f99cd192d1754 ppc/8.0/RPMS/HTML-Embperl-1.3.22_1.3.3-1.2mdk.ppc.rpm
5ceed1e9517aa7ea4539a66261b3d07c ppc/8.0/RPMS/apache-1.3.22-1.2mdk.ppc.rpm
24701866a0a9ce02b5f1fc0a635f8940 ppc/8.0/RPMS/apache-common-1.3.22-1.2mdk.ppc.rpm
3d3c25f15f60c007fe4c892f019de3a2 ppc/8.0/RPMS/apache-conf-1.3.22-1.2mdk.ppc.rpm
d55f8d8da77bf935c96f2713c0f39675 ppc/8.0/RPMS/apache-devel-1.3.22-1.2mdk.ppc.rpm
047b159512abd6ddb3f147d8bef33014 ppc/8.0/RPMS/apache-manual-1.3.22-1.2mdk.ppc.rpm
2fa2bbaa3089369ad8633904fac017ea ppc/8.0/RPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.ppc.rpm
730d420eeec80f907531a1d54fc86f62 ppc/8.0/RPMS/apache-modules-1.3.22-1.2mdk.ppc.rpm
9d4ceb8988fda0fde877554d0196cfd4 ppc/8.0/RPMS/apache-source-1.3.22-1.2mdk.ppc.rpm
f867712c6dd435dda8a628f56d1c1302 ppc/8.0/RPMS/apache-suexec-1.3.22-1.2mdk.ppc.rpm
36898ee6969dfd499f3f003a8dc3c429 ppc/8.0/RPMS/mod_frontpage-1.5.1-5.2mdk.ppc.rpm
eb77585d715c38e999156db6028123e0 ppc/8.0/RPMS/mod_perl-common-1.3.22_1.25_01-1.2mdk.ppc.rpm
d3552b52130972e39d93f7c80a1d5458 ppc/8.0/RPMS/mod_perl-devel-1.3.22_1.25_01-1.2mdk.ppc.rpm
0ab21a1589c099ee3b22a3dee73b0fc7 ppc/8.0/RPMS/mod_php-4.0.6-3.2mdk.ppc.rpm
bd1d9db540eed60ca0c9e777c4985597 ppc/8.0/RPMS/mod_ssl-2.8.5-1.2mdk.ppc.rpm
b1511f703fd6a6dd4fa37ac85ff343ef ppc/8.0/RPMS/mod_sxnet-1.2.4-1.2mdk.ppc.rpm
c6032d96a2d5cd09b969f6fe6da9ce1b ppc/8.0/SRPMS/apache-1.3.22-1.2mdk.src.rpm
83179487059a65dc2d5afd281a9b9af5 ppc/8.0/SRPMS/apache-conf-1.3.22-1.2mdk.src.rpm
123e12b8e2d179f1ebefaa9a7149c497 ppc/8.0/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.2mdk.src.rpm
0f89aa1741c44814d3291813a92d7915 ppc/8.0/SRPMS/mod_frontpage-1.5.1-5.2mdk.src.rpm
dc927153d4430bc09a0173fb65c74867 ppc/8.0/SRPMS/mod_php-4.0.6-3.2mdk.src.rpm
6f3829348e2eb94680b93876bdb4ebca ppc/8.0/SRPMS/mod_ssl-2.8.5-1.2mdk.src.rpm
70036be62dec65cd78777dc638e87866 ppc/8.0/SRPMS/mod_sxnet-1.2.4-1.2mdk.src.rpm
Mandrake Linux 8.1:
ef502b8ec60df3c2130f5789a69b98dc 8.1/RPMS/HTML-Embperl-1.3.22_2.0b3-2.1mdk.i586.rpm
b4f41890583efd7a87051c6262df8b33 8.1/RPMS/apache-1.3.22-1.1mdk.i586.rpm
0d70e3e603abdbec0a368c14861cfa93 8.1/RPMS/apache-common-1.3.22-1.1mdk.i586.rpm
2ee8683cad7f43b38fa983ac972da49d 8.1/RPMS/apache-conf-1.3.22-1.1mdk.i586.rpm
8aa692a34d0a37c537062c3ba902340b 8.1/RPMS/apache-devel-1.3.22-1.1mdk.i586.rpm
34f8b3b4b3f17f7d4511d9babfcdd0bc 8.1/RPMS/apache-manual-1.3.22-1.1mdk.i586.rpm
ea5d510a0992dcce53957731578ca46f 8.1/RPMS/apache-mod_perl-1.3.22_1.26-2.1mdk.i586.rpm
caa45ea41fa522ef2222bb15263f68c5 8.1/RPMS/apache-modules-1.3.22-1.1mdk.i586.rpm
cf9dd1df8f78d6c270b371a299be7557 8.1/RPMS/apache-source-1.3.22-1.1mdk.i586.rpm
4d44cfebdc7e8f2b241cdb57ae82cb95 8.1/RPMS/apache-suexec-1.3.22-1.1mdk.i586.rpm
6ccc68195b198334375ca17ba85f4719 8.1/RPMS/mod_auth_external-2.1.12-1.1mdk.i586.rpm
1b927afda67a5859e70950a7c9b37215 8.1/RPMS/mod_auth_radius-1.5.2-3.1mdk.i586.rpm
1785a32f5dc1bc5e31cc5f3079dbb18e 8.1/RPMS/mod_frontpage-1.5.1-5.1mdk.i586.rpm
d9ad7413fc73410166d1c25715ac8f80 8.1/RPMS/mod_gzip-1.3.19.1a-4.1mdk.i586.rpm
4ed70d8dd515b835d809b222480a9993 8.1/RPMS/mod_perl-common-1.3.22_1.26-2.1mdk.i586.rpm
8bcdb6d6cd6550ff77cf01e158cb34d1 8.1/RPMS/mod_perl-devel-1.3.22_1.26-2.1mdk.i586.rpm
2b522913dba5dd9e9cecd88fc8cfe2b3 8.1/RPMS/mod_php-4.0.6-7.1mdk.i586.rpm
532511ba921a166a4de8b053badc379e 8.1/RPMS/mod_ssl-2.8.5-1.1mdk.i586.rpm
d3a8fb09258a33508547e76bff12cfd0 8.1/RPMS/mod_sxnet-1.2.4-7.1mdk.i586.rpm
7c1f0b2afb8adc24ccf9f223c86df209 8.1/SRPMS/apache-1.3.22-1.1mdk.src.rpm
07a4f5c549ae21d4aa1a20dd9317eb83 8.1/SRPMS/apache-conf-1.3.22-1.1mdk.src.rpm
7515522259c801baf03280d2e75ad755 8.1/SRPMS/apache-mod_perl-1.3.22_1.26-2.1mdk.src.rpm
0130d2cd2734f6ef4e1d7f9ab241eee1 8.1/SRPMS/mod_auth_external-2.1.12-1.1mdk.src.rpm
dce34a89cce9bf51866412a340f50b81 8.1/SRPMS/mod_auth_radius-1.5.2-3.1mdk.src.rpm
563390dc257414c2c58ae9488a9cc0dd 8.1/SRPMS/mod_frontpage-1.5.1-5.1mdk.src.rpm
438d6418a8480eefe7856929a769e89c 8.1/SRPMS/mod_gzip-1.3.19.1a-4.1mdk.src.rpm
98e0c4fd6ddee6fe819572db0480ee26 8.1/SRPMS/mod_php-4.0.6-7.1mdk.src.rpm
0e70480b620ec355508b6346ab94eaa9 8.1/SRPMS/mod_ssl-2.8.5-1.1mdk.src.rpm
a504506de3284b4fc8e890d0c3b05d8c 8.1/SRPMS/mod_sxnet-1.2.4-7.1mdk.src.rpm
Corporate Server 1.0.1:
a0c74b9f69ad117df32f94a44e08369d 1.0.1/RPMS/HTML-Embperl-1.3.22_1.3.3-1.4mdk.i586.rpm
a26976127fd8d6285857c7bdb404b056 1.0.1/RPMS/apache-1.3.22-1.4mdk.i586.rpm
ecf3c8ff4330e3b5f557f23e7335c58d 1.0.1/RPMS/apache-common-1.3.22-1.4mdk.i586.rpm
98db2dff731d5bfa36deda9007f49a75 1.0.1/RPMS/apache-conf-1.3.22-1.4mdk.i586.rpm
3d77b52f1f66b640c2cafe24d3dc00e3 1.0.1/RPMS/apache-devel-1.3.22-1.4mdk.i586.rpm
1f79ad246098b463aa7f06c46aacef50 1.0.1/RPMS/apache-manual-1.3.22-1.4mdk.i586.rpm
f27a75a23fc49cf367b1920e6adb2eea 1.0.1/RPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.i586.rpm
96f81f246aeb359c5e3840df4f5291e5 1.0.1/RPMS/apache-modules-1.3.22-1.4mdk.i586.rpm
4ddb0422c7c4132303986ac4e4604b68 1.0.1/RPMS/apache-source-1.3.22-1.4mdk.i586.rpm
d498e15cf630a20200ef9c44628cbcbe 1.0.1/RPMS/apache-suexec-1.3.22-1.4mdk.i586.rpm
656ab9df6cf8390e68af9e9ceab1b99e 1.0.1/RPMS/mm-1.1.3-8.1mdk.i586.rpm
aacc6cc46078cf0ff77af06693484b9a 1.0.1/RPMS/mm-devel-1.1.3-8.1mdk.i586.rpm
b44090cf5650f623ddca48cf1d16d768 1.0.1/RPMS/mod_perl-common-1.3.22_1.25_01-1.4mdk.i586.rpm
db5afc42b3a3cf496b8ff34bb1d8dbd4 1.0.1/RPMS/mod_perl-devel-1.3.22_1.25_01-1.4mdk.i586.rpm
3bebfdfba378ffd53217ae1c921a0ba4 1.0.1/RPMS/mod_php-4.0.6-5.1mdk.i586.rpm
d45009a853fac9ed14a5aefe7343274c 1.0.1/RPMS/mod_ssl-2.8.5-1.4mdk.i586.rpm
7d6bc0c02175a89d82868f9c90b14c03 1.0.1/RPMS/mod_sxnet-1.2.4-1.4mdk.i586.rpm
81ac490000934a9b563af2f1f300d00e 1.0.1/RPMS/perl-5.600-17mdk.i586.rpm
e9cc54bdd262fb04f8898a4b2b4c5dbf 1.0.1/RPMS/perl-base-5.600-17mdk.i586.rpm
d67e860357ba7e4b539febd73067614f 1.0.1/RPMS/perl-devel-5.600-17mdk.i586.rpm
4bd07a25bc52e054bbbf0cc7ee487b20 1.0.1/RPMS/php-4.0.6-5.1mdk.i586.rpm
f258835ad065fa5b0ccb5ae200909bd2 1.0.1/RPMS/php-common-4.0.6-5.1mdk.i586.rpm
412fd9e43315da1639705fc938610721 1.0.1/RPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.i586.rpm
80e54093258c0ad73448c2fa304fd44e 1.0.1/RPMS/php-devel-4.0.6-5.1mdk.i586.rpm
f71c43dd49265c3ff19285705b4917f7 1.0.1/RPMS/php-gd-4.0.6-2.1mdk.i586.rpm
e2a8512f05f092490ba55bba23099931 1.0.1/RPMS/php-imap-4.0.6-2.1mdk.i586.rpm
73b085e96f3626ea900e2db04b216447 1.0.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm
339b190be55a37cc339ac74890eeca09 1.0.1/RPMS/php-manual_en-4.0.6-1.1mdk.i586.rpm
6fd7c59d5eb7923cbaa41941e6d60639 1.0.1/RPMS/php-mysql-4.0.6-3.1mdk.i586.rpm
ca9b50b2607cc74290dff5059679b3ee 1.0.1/RPMS/php-pgsql-4.0.6-3.1mdk.i586.rpm
b3ef0ae443fa565cea495540e8f3a2f9 1.0.1/RPMS/php-readline-4.0.6-2.1mdk.i586.rpm
e88d8db2d3eb08a9ba5d734ba70afea5 1.0.1/SRPMS/apache-1.3.22-1.4mdk.src.rpm
1f10d0440606e3fa12162ef7d90445e9 1.0.1/SRPMS/apache-conf-1.3.22-1.4mdk.src.rpm
520f1bbfb86bbc821dbbead04acb21f8 1.0.1/SRPMS/apache-mod_perl-1.3.22_1.25_01-1.4mdk.src.rpm
8907e70b755a10ec3373cefbd5ba2f06 1.0.1/SRPMS/mm-1.1.3-8.1mdk.src.rpm
776d3967170249f7b9f6e834247dab9b 1.0.1/SRPMS/mod_php-4.0.6-5.1mdk.src.rpm
95b0e84c9959ce648d0d32a2429bb446 1.0.1/SRPMS/mod_ssl-2.8.5-1.4mdk.src.rpm
ea836a7af8a82d466d7e44bc8672d36a 1.0.1/SRPMS/mod_sxnet-1.2.4-1.4mdk.src.rpm
0734fd60f0c0e240b75cac1d2aeeca0b 1.0.1/SRPMS/perl-5.600-17mdk.src.rpm
fb3721213ead8f4203e75bbca0f1a6fb 1.0.1/SRPMS/php-4.0.6-5.1mdk.src.rpm
66206da40ebfbbae1dee8b827a452f6c 1.0.1/SRPMS/php-dba_gdbm_db2-4.0.6-4.1mdk.src.rpm
96e6b5b2e3bc0e80cb4b0dddfbb6d625 1.0.1/SRPMS/php-gd-4.0.6-2.1mdk.src.rpm
cad47e6fc08748e0df4906bebc405488 1.0.1/SRPMS/php-imap-4.0.6-2.1mdk.src.rpm
206ca1678d9a2f6b8133ee321e2a948f 1.0.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm
d7e5c28911385fe0d571f72d4f8d887e 1.0.1/SRPMS/php-manual_en-4.0.6-1.1mdk.src.rpm
6c06362fc536f070f8fd9a9784c1dcac 1.0.1/SRPMS/php-mysql-4.0.6-3.1mdk.src.rpm
7fa7e174ef947b6c9dfb623fa28f6fd0 1.0.1/SRPMS/php-pgsql-4.0.6-3.1mdk.src.rpm
01b22613672059703e681dd5c004e3f6 1.0.1/SRPMS/php-readline-4.0.6-2.1mdk.src.rpm
________________________________________________________________________
Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________
To upgrade automatically, use MandrakeUpdate.
If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".
You can download the updates directly from one of the mirror sites
listed at:
http://www.linux-mandrake.com/en/ftp.php3.
Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them.
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other security advisories for Mandrake Linux at:
http://www.linux-mandrake.com/en/security/
If you want to report vulnerabilities, please contact
security@linux-mandrake.com
________________________________________________________________________
Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:
security-announce@linux-mandrake.com
Mandrake Linux's security announcements mailing list. Only
announcements are sent to this list and it is read-only.
security-discuss@linux-mandrake.com
Mandrake Linux's security discussion mailing list. This list is open
to anyone to discuss Mandrake Linux security specifically and Linux
security in general.
To subscribe to either list, send a message to
sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.
To remove yourself from either list, send a message to
sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.
To get more information on either list, send a message to
sympa@linux-mandrake.com
with "info [listname]" in the body of the message.
Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:
http://www.linux-mandrake.com/en/flists.php3#security
________________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8BBzymqjQ0CJFipgRAsskAJ4lpJb6gm7ldx5VRWs+Kx8CIwZf2wCbBbxn
J9E1SOi+LkHlw1PMtT8T+tc=
=lEME
-----END PGP SIGNATURE-----
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
The CERT Coordination Center thanks ProCheckup Ltd for reporting this vulnerability.
This document was written by Art Manion.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.21 |
| Date Public: | 2001-11-20 |
| Date First Published: | 2001-11-21 |
| Date Last Updated: | 2002-05-28 21:49 UTC |
| Document Revision: | 19 |