|
Family: Debian Local Security Checks --> Category: infos
[DSA594] DSA-594-1 apache Vulnerability Scan
Vulnerability Scan Summary DSA-594-1 apache
Detailed Explanation for this Vulnerability Test
Two vulnerabilities have been identified in the Apache 1.3 webserver:
"Crazy Einstein" has discovered a vulnerability in the
"mod_include" module, which can cause a buffer to be overflown and
could lead to the execution of arbitrary code.
Larry Cashdollar has discovered a potential buffer overflow in the
htpasswd utility, which could be exploited when user-supplied is
passed to the program via a CGI (or PHP, or ePerl, ...) program.
For the stable distribution (woody) these problems have been fixed in
version 1.3.26-0woody6.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.33-2.
We recommend that you upgrade your apache packages.
Solution : http://www.debian.org/security/2004/dsa-594
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|