|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-02] Cherokee: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary
Cherokee: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-02
(Cherokee: Format string vulnerability)
Florian Schilhabel from the Gentoo Linux Security Audit Team found a format
string vulnerability in the cherokee_logger_ncsa_write_string() function.
Impact
Using a specially crafted URL when authenticating via auth_pam, a malicious
user may be able to crash the server or execute arbitrary code on the
target machine with permissions of the user running Cherokee.
Workaround
There is no known workaround at this time.
Solution:
All Cherokee users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/cherokee-0.4.17.1"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
