Test ID:	1.3.6.1.4.1.25623.1.0.67234
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:081 (apache-mod_auth_shadow)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to apache-mod_auth_shadow announced via advisory MDVSA-2010:081. A vulnerability has been found and corrected in apache-mod_auth_shadow: A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials (username / password pairs). A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and potentially alter resources, which should be otherwise protected by authentication (CVE-2010-1151). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:081 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1151 39538 http://www.securityfocus.com/bid/39538 39823 http://secunia.com/advisories/39823 ADV-2010-0908 http://www.vupen.com/english/advisories/2010/0908 ADV-2010-1148 http://www.vupen.com/english/advisories/2010/1148 FEDORA-2010-6323 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html FEDORA-2010-6359 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html MDVSA-2010:081 http://www.mandriva.com/security/advisories?name=MDVSA-2010:081 https://bugzilla.redhat.com/show_bug.cgi?id=578168
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.