|
|
Family: Debian Local Security Checks --> Category: infos
[DSA137] DSA-137-1 mm Vulnerability Scan
Vulnerability Scan Summary
DSA-137-1 mm
Detailed Explanation for this Vulnerability Test
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary
file vulnerability in the mm shared memory library. This problem can
be exploited to gain root access to a machine running Apache which is
linked against this library, if shell access to the user &ldquo
www-data&rdquo
is already available (which could easily be triggered through PHP).
This problem has been fixed in the upstream version 1.2.0 of mm, which
will be uploaded to the unstable Debian distribution while this
advisory is released. Fixed packages for potato (Debian 2.2) and
woody (Debian 3.0) are linked below.
We recommend that you upgrade your libmm packages immediately and
restart your Apache server.
Solution : http://www.debian.org/security/2002/dsa-137
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
