Mandriva Linux Security Advisory : apache-mod_auth_mysql (MDVSA-2009:189-1)
High Nessus Plugin ID 40464
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been found and corrected in mod_auth_mysql :
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input (CVE-2008-2384).
This update provides fixes for this vulnerability.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
SolutionUpdate the affected apache-mod_auth_mysql package.