Detections
Analytics
Mandriva Linux Security Advisory : apache (MDVSA-2011:057)
medium Nessus Plugin ID 53244
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module (apache-mpm-itk) for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process (CVE-2011-1176).Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages uses the latest upstream ITK patch for apache that is unaffected by this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 53244
File Name: mandriva_MDVSA-2011-057.nasl
Version: 1.11
Type: local
Family: Mandriva Local Security Checks
Published: 4/1/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:apache-base, p-cpe:/a:mandriva:linux:apache-devel, p-cpe:/a:mandriva:linux:apache-htcacheclean, p-cpe:/a:mandriva:linux:apache-mod_authn_dbd, p-cpe:/a:mandriva:linux:apache-mod_cache, p-cpe:/a:mandriva:linux:apache-mod_dav, p-cpe:/a:mandriva:linux:apache-mod_dbd, p-cpe:/a:mandriva:linux:apache-mod_deflate, p-cpe:/a:mandriva:linux:apache-mod_disk_cache, p-cpe:/a:mandriva:linux:apache-mod_file_cache, p-cpe:/a:mandriva:linux:apache-mod_ldap, p-cpe:/a:mandriva:linux:apache-mod_mem_cache, p-cpe:/a:mandriva:linux:apache-mod_proxy, p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp, p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi, p-cpe:/a:mandriva:linux:apache-mod_reqtimeout, p-cpe:/a:mandriva:linux:apache-mod_ssl, p-cpe:/a:mandriva:linux:apache-mod_userdir, p-cpe:/a:mandriva:linux:apache-modules, p-cpe:/a:mandriva:linux:apache-mpm-event, p-cpe:/a:mandriva:linux:apache-mpm-itk, p-cpe:/a:mandriva:linux:apache-mpm-peruser, p-cpe:/a:mandriva:linux:apache-mpm-prefork, p-cpe:/a:mandriva:linux:apache-mpm-worker, p-cpe:/a:mandriva:linux:apache-source, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2010.0, cpe:/o:mandriva:linux:2010.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/31/2011
Reference Information
CVE: CVE-2011-1176
BID: 46953
MDVSA: 2011:057