Mandrake Linux Security Advisory : apache (MDKSA-2000:060-2)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The Apache web server comes with a module called mod_rewrite which is
used to rewrite URLs presented by the client prior to further
processing. There is a flaw in the mod_rewrite logic that allows an
attacker to view arbitrary files on the server system if they contain
regular expression references. All Linux-Mandrake users using Apache
are encouraged to upgrade to these updated versions that fix this
flaw.

The Apache package for 7.1 had a problem with improper permissions on
the suexec wrapper which prevented it from running if the
apache-suexec package was installed. As well, the uninstall script
would exit with errors. Both issues are fixed. The new md5 checksums
are listed below.

Update :

The permissions on the -14mdk apache-suexec package were still
incorrect. While some CGI scripts would run, others would not, because
the permissions were 4700 (setuid, executable by the owner only) and
not 4711 (setuid, executable by group and others as well). The -15mdk
RPMs for 7.1 fix this issue.

Solution :

Update the affected apache, apache-devel and / or apache-suexec
packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61847

Bugtraq ID:

CVE ID: CVE-2000-0913
