Mandrake Linux Security Advisory : apache (MDKSA-2004:134)
Medium Nessus Plugin ID 15739
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. This could be done with a special HTML document using malformed SSI.
The updated packages have been patched to prevent this problem.
SolutionUpdate the affected packages.