Mandrake Linux Security Advisory : mod_frontpage (MDKSA-2002:021)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A problem was found in versions of improved mod_frontpage prior to
1.6.1 regarding a lack of boundary checks in fpexec.c. This means that
the suid root binary is exploitable for buffer overflows. This could
be exploited by remote attackers to execute arbitrary code on the
server with superuser privileges. Although there are no known exploits
available, if you use mod_frontpage you are strongly encouraged to
upgrade.

This update for Mandrake Linux has been completely reworked and is
easier to configure and use, as well as supporting the new FrontPage
2002 extensions.

Solution :

Update the affected mod_frontpage package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13929 (mandrake_MDKSA-2002-021.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0427

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now