Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.51523
Categoría:Conectiva Local Security Checks
Título:Conectiva Security Advisory CLA-2002:504
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory CLA-2002:504.

Apache[1] is the most popular webserver in use today. mod_ssl[2] is
an Apache module which enables the use of encrypted connections
(https://) to the web server and provides a set of crypto and
authentication related functions.

This module is not part of the apache distribution, but is bundled
and enabled by default in the Conectiva Linux Apache packages.

An off-by-one buffer overflow vulnerability exists in the code which
handles entries in .htaccess files in mod_ssl <= 2.8.9. It was
discovered[3] by Frank DENIS (Jedi/Sector One) .

The htaccess mechanism is disabled by default in Conectiva Linux and
can be controled by the AllowOverride variable in the apache
configuration file. It is useful to allow non privileged users to
customize the configuration of their sites.

An attacker who can manipulate the contents of the .htaccess file can
potentially cause a DoS or even execute arbitrary commands in the
httpd service context, which is run by an unprivileged user
(typically www or nobody).


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:504
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.