Mandrake Linux Security Advisory : apache-mod_auth_shadow (MDKSA-2005:200)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with
AuthShadow enabled uses shadow authentication for all locations that
use the require group directive, even when other authentication
mechanisms are specified, which might allow remote authenticated users
to bypass security restrictions.

This update requires an explicit 'AuthShadow on' statement if website
authentication should be checked against /etc/shadow.

The updated packages have been patched to address this issue.

Solution :

Update the affected apache-mod_auth_shadow and / or
apache2-mod_auth_shadow packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20126 (mandrake_MDKSA-2005-200.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2963

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now