Detections
Analytics
Mandrake Linux Security Advisory : apache (MDKSA-2004:134)
medium Nessus Plugin ID 15739
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI.The updated packages have been patched to prevent this problem.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 15739
File Name: mandrake_MDKSA-2004-134.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 11/17/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2, p-cpe:/a:mandriva:linux:apache, p-cpe:/a:mandriva:linux:apache-devel, p-cpe:/a:mandriva:linux:apache-modules, p-cpe:/a:mandriva:linux:apache-source, cpe:/o:mandrakesoft:mandrake_linux:10.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 11/15/2004
Reference Information
CVE: CVE-2004-0940
CWE: 119
MDKSA: 2004:134