Mandriva Linux Security Advisory : apache-mod_auth_shadow (MDVSA-2010:081)
Medium Nessus Plugin ID 45566
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been found and corrected in apache-mod_auth_shadow :
A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials (username / password pairs). A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and potentially alter resources, which should be otherwise protected by authentication (CVE-2010-1151).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct this issue.
SolutionUpdate the affected apache-mod_auth_shadow package.