Apache 1.3.32 and php 4.3.9 needed!

interfasys

interfasys

Verified User
Joined
Oct 31, 2003
Messages
1,816
Location
Switzerland
Apache 1.3.32 and php 4.3.9 needed (when available)!

Vulnerability https (443/tcp)
The remote host appears to be running a version of Apache which is older
than 1.3.32.

There is a local buffer overflow in htpasswd command in this version,
which may allow a local user to gain the privileges of the httpd process.

See also : http://xforce.iss.net/xforce/xfdb/17413
Solution : Upgrade to Apache 1.3.32 when available
Risk factor : High
Nessus ID : 14771

////////////////////////////

The remote host is running a version of PHP which is
older than 4.3.9 or 5.0.2.

The remote version of this software is affected by an unspecified file
upload vulnerability which may allow an attacker to upload arbitrary
files to the remote server.

See also : http://viewcvs.php.net/viewcvs.cgi/php-src/NEWS.diff?r1=1.1247.2.724&r2=1.1247.2.726
Solution : Upgrade to PHP 4.3.9 or 5.0.2 when available
Risk factor : Medium
BID : 11190
Nessus ID : 14770
 
Last edited:
As far as I can tell there is no 1.3.32 yet? That would pretty sjitty of the guys just exposing the leak without informing apache.org.. Or something else is going on.. It's a local exploit but still..

edit: the guys = iss.net
 
Last edited:
I'm not sure if it was my fault yet or there is a bug but this what I did and it broke Frontpage.

Thought I'd let everybody know.

Done a
./build clean
./build update

downloaded new mod_ssl and apache 1.3.32
changed build and configure.apache_ssl to reflect apache and mod_ssl

Once compiled it complained about frontpage and apache wouldn't start, commenting out the Load Module line for frontpage fixed apache.

Any Ideas?
 
Last edited:
when I do ./build update it doesnt get 1.3.32 it just says 1.3.31 already exists.

what am I doing wrong?
 
Uh, I just did the update. My DirectAdmin sent me a message saying Apache shutdown before the script finished installing everything.
(I did ./build all)
When I got the message at the end of the installation to restart httpd, I got this:
Stopping httpd: [FAILED]
/etc/init.d/httpd: line 46: ulimit: open files: cannot modify limit: Invalid argument
/etc/init.d/httpd: line 47: ulimit: open files: cannot modify limit: Invalid argument
/etc/init.d/httpd: line 48: ulimit: open files: cannot modify limit: Invalid argument
/etc/init.d/httpd: line 49: ulimit: open files: cannot modify limit: Invalid argument
Starting httpd: Syntax error on line 280 of /etc/httpd/conf/httpd.conf:
module frontpage_module is built-in and can't be loaded
[FAILED]

Can anyone help me??
 
Same problem here, I put a # for this module and restart so httpd is working but without frontpage
 
no fix from now but you can put a # for frontpage_midule in your httpd.conf and restart your httpd, the httpd wil sart and your websites are online ;-)

Waiting for the update and remove the # in the httpd is an option
 
I did that. But my clients will start calling if frontpage doesn't work :-). Hope they release a fix soon.,
 
Yeah, I commented out the frontpage_module on httpd.conf as well. Hope a fix for this comes out soon.
 
directadmin take notice of this please.

Syntax error on line 97 of /etc/httpd/conf/httpd.conf:
module frontpage_module is built-in and can't be loaded
 
You must log in or register to reply here.
Back
Top