Fedora 14 : mod_fcgid-2.3.6-1.fc14 (2010-17472)

High Nessus Plugin ID 50616


The remote Fedora host is missing a security update.


This update to the current upstream maintenance release includes a fix for a possible stack buffer overwrite (CVE-2010-3872).

It also changes the default value of FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements.

Other changes are described in CHANGES-FCGID document included in the package.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected mod_fcgid package.

See Also


Plugin Details

Severity: High

ID: 50616

File Name: fedora_2010-17472.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2010/11/17

Modified: 2015/10/20

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mod_fcgid, cpe:/o:fedoraproject:fedora:14

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/11/08

Reference Information

CVE: CVE-2010-3872

OSVDB: 69275

FEDORA: 2010-17472