Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:048)
Medium Nessus Plugin ID 13951
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionFrank Denis discovered an off-by-one error in mod_ssl dealing with the handling of older configuration directorives (the rewrite_command hook). A malicious user could use a specially crafted .htaccess file to execute arbitrary commands as the apache user or execute a DoS against the apache child processes.
This vulnerability is fixed in mod_ssl 2.8.10; patches have been applied to correct this problem in these packages.
SolutionUpdate the affected mod_ssl package.