Mandriva Linux Security Advisory : apache-mod_auth_shadow (MDVSA-2010:081)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

A vulnerability has been found and corrected in
apache-mod_auth_shadow :

A race condition was found in the way mod_auth_shadow used an external
helper binary to validate user credentials (username / password
pairs). A remote attacker could use this flaw to bypass intended
access restrictions, resulting in ability to view and potentially
alter resources, which should be otherwise protected by authentication

Packages for 2008.0 are provided for Corporate Desktop 2008.0

The updated packages have been patched to correct this issue.

See also :

Solution :

Update the affected apache-mod_auth_shadow package.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Mandriva Local Security Checks

Nessus Plugin ID: 45566 (mandriva_MDVSA-2010-081.nasl)

Bugtraq ID:

CVE ID: CVE-2010-1151

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now