aru Posted July 6, 2004 Report Share Posted July 6, 2004 Mandrakesoft Security Advisories MDKSA-2004:065 : apache Updated apache packages fix buffer overflow vulnerability in mod_proxy June 29th, 2004 A buffer overflow vulnerability was found by George Guninski in Apache's mod_proxy module, which can be exploited by a remote user to potentially execute arbitrary code with the privileges of an httpd child process (user apache).This can only be exploited, however, if mod_proxy is actually in use. It is recommended that you stop Apache prior to updating and then restart it again once the update is complete ("service httpd stop" and "service httpd start" respectively). The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 10.0 CS2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:065 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492 http://www.guninski.com/modproxy1.html Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts