Detections
Analytics
Mandrake Linux Security Advisory : apache (MDKSA-2006:133)
high Nessus Plugin ID 23883
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling.In order for this to be exploitable, a number of conditions need to be met including a) running a vulnerable version of Apache (1.3.28+, 2.0.46+, or 2.2.0+), b) enabling mod_rewrite, c) having a rewrite rule that the remote user can influence the beginning of, and d) a particular stack frame layout.
By default, RewriteEngine is not enabled in Mandriva Linux Apache packages, and no RewriteRules are defined.
Updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: High
ID: 23883
File Name: mandrake_MDKSA-2006-133.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 12/16/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: High
Base Score: 7.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:apache-base, p-cpe:/a:mandriva:linux:apache-devel, p-cpe:/a:mandriva:linux:apache-mod_cache, p-cpe:/a:mandriva:linux:apache-mod_dav, p-cpe:/a:mandriva:linux:apache-mod_deflate, p-cpe:/a:mandriva:linux:apache-mod_disk_cache, p-cpe:/a:mandriva:linux:apache-mod_file_cache, p-cpe:/a:mandriva:linux:apache-mod_ldap, p-cpe:/a:mandriva:linux:apache-mod_mem_cache, p-cpe:/a:mandriva:linux:apache-mod_proxy, p-cpe:/a:mandriva:linux:apache-mod_userdir, p-cpe:/a:mandriva:linux:apache-modules, p-cpe:/a:mandriva:linux:apache-mpm-peruser, p-cpe:/a:mandriva:linux:apache-mpm-prefork, p-cpe:/a:mandriva:linux:apache-mpm-worker, p-cpe:/a:mandriva:linux:apache-source, cpe:/o:mandriva:linux:2006
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/28/2006
Exploitable With
Core Impact
Metasploit (Apache Module mod_rewrite LDAP Protocol Buffer Overflow)
Reference Information
CVE: CVE-2006-3747
CWE: 189
MDKSA: 2006:133