VUPEN Security - Mandriva Security Update Fixes Apache Mod_perl Remote Denial of Service Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Apache Mod_perl Remote Denial of Service Vulnerability

Title : Mandriva Security Update Fixes Apache Mod_perl Remote Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2007-1350
CVE ID : CVE-2007-1349
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-12

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Mandriva has released security updates to address a vulnerability identified in apache-mod_perl. This issue could be exploited by attackers to cause a denial of service. For additional information, see : VUPEN/ADV-2007-1150

Affected Products

Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages :

Mandriva Linux 2006.0:
36fc6ebd1647bf1cd0d404f19342ad7e 2006.0/i586/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.i586.rpm
02dce36084140d70e829e47d960ea576 2006.0/i586/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.i586.rpm
0b880a7578f7f0d4378f9e21204696c9 2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
fa69d3b6658b440e244404c8a27dc31a 2006.0/x86_64/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm
e2cd324ddefb059d9e15c7cf29378dd6 2006.0/x86_64/apache-mod_perl-devel-2.0.54_2.0.1-6.1.20060mdk.x86_64.rpm
0b880a7578f7f0d4378f9e21204696c9 2006.0/SRPMS/apache-mod_perl-2.0.54_2.0.1-6.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
a5144771fa71b818e2d89f8c417c5243 2007.0/i586/apache-mod_perl-2.0.2-8.1mdv2007.0.i586.rpm
a165f6820d6c1ffd2cfc671aa2a44310 2007.0/i586/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.i586.rpm
a3829703a55a306a1132d496e63ec652 2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
af928b60d4291c583bad0f4c04ca6169 2007.0/x86_64/apache-mod_perl-2.0.2-8.1mdv2007.0.x86_64.rpm
e54445500f5ca4a28a3a4bbb2223d792 2007.0/x86_64/apache-mod_perl-devel-2.0.2-8.1mdv2007.0.x86_64.rpm
a3829703a55a306a1132d496e63ec652 2007.0/SRPMS/apache-mod_perl-2.0.2-8.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
e52c43b0f7a66915e4c76aae38d3877b 2007.1/i586/apache-mod_perl-2.0.3-3.1mdv2007.1.i586.rpm
01fcca2beb3f2c79d9f4ac8aae13c631 2007.1/i586/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.i586.rpm
3d752f5e1d08baf118da6ce8407a4ee7 2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
e969fb39acb7ce53cf8528fbc6283a9d 2007.1/x86_64/apache-mod_perl-2.0.3-3.1mdv2007.1.x86_64.rpm
4d43ab40be1bd7b404866ae0af6e2663 2007.1/x86_64/apache-mod_perl-devel-2.0.3-3.1mdv2007.1.x86_64.rpm
3d752f5e1d08baf118da6ce8407a4ee7 2007.1/SRPMS/apache-mod_perl-2.0.3-3.1mdv2007.1.src.rpm

Corporate 3.0:
e5e446755e5b3b403e573ee356bd01be corporate/3.0/i586/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.i586.rpm
1399d977fdae6085bc59102b8577c052 corporate/3.0/i586/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.i586.rpm
c49b2f2564a381aa22dd02b9d4f7c607 corporate/3.0/i586/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.i586.rpm
f2534e8cd62267e0cfffb147323e816c corporate/3.0/i586/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.i586.rpm
cd85d71d94598d066a912b57ea8b1534 corporate/3.0/i586/mod_perl-common-1.3.29_1.29-3.2.C30mdk.i586.rpm
32700fd599acc6d2e012f00155586bc1 corporate/3.0/i586/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.i586.rpm
0ff32be9c7e314b93142b25c0ccfc3ff corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm
672b33503464c59bdda5025f1004ab0b corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
afc8e04510079792d9bf6a2c43dad3cf corporate/3.0/x86_64/HTML-Embperl-1.3.29_1.3.6-3.2.C30mdk.x86_64.rpm
35977f84e3a1ce37e0f5a50814675c7a corporate/3.0/x86_64/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.x86_64.rpm
a8c7bd9351bcc6c83b204646df7bffdd corporate/3.0/x86_64/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm
397ad0e9ea70f6f0bcdae436b7dd4e53 corporate/3.0/x86_64/apache2-mod_perl-devel-2.0.48_1.99_11-3.1.C30mdk.x86_64.rpm
42c4e59c5174e84b7b7659de0f6d0b3e corporate/3.0/x86_64/mod_perl-common-1.3.29_1.29-3.2.C30mdk.x86_64.rpm
7acc7a6c50b41a4c9900910a0c1b3ec0 corporate/3.0/x86_64/mod_perl-devel-1.3.29_1.29-3.2.C30mdk.x86_64.rpm
0ff32be9c7e314b93142b25c0ccfc3ff corporate/3.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.2.C30mdk.src.rpm
672b33503464c59bdda5025f1004ab0b corporate/3.0/SRPMS/apache2-mod_perl-2.0.48_1.99_11-3.1.C30mdk.src.rpm

Corporate 4.0:
c7dbc8d2b1f4a7959cc8ba28b229512c corporate/4.0/i586/apache-mod_perl-2.0.2-8.1.20060mlcs4.i586.rpm
88e16a7e0755a3a1fe987f6f2c44336c corporate/4.0/i586/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.i586.rpm
b540d29b6047b936c56df54fc112840a corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
737b44aec85fe3177a10c95e42394f08 corporate/4.0/x86_64/apache-mod_perl-2.0.2-8.1.20060mlcs4.x86_64.rpm
f0244a54e2366d511486a2b4a0243ccb corporate/4.0/x86_64/apache-mod_perl-devel-2.0.2-8.1.20060mlcs4.x86_64.rpm
b540d29b6047b936c56df54fc112840a corporate/4.0/SRPMS/apache-mod_perl-2.0.2-8.1.20060mlcs4.src.rpm

References

http://www.vupen.com/english/advisories/2007/1350
http://archives.mandrivalinux.com/security-announce/2007-04/msg00018.php

ChangeLog

2007-04-12 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations