aru Posted October 28, 2005 Share Posted October 28, 2005 Mandriva Security Advisories MDKSA-2005:200 : apache-mod_auth_shadow Updated apache-mod_auth_shadow packages fix security restriction bypass issues. October 27th, 2005 The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. This update requires an explicit "AuthShadow on" statement if website authentication should be checked against /etc/shadow. The updated packages have been patched to address this issue. The released versions of Mandriva GNU/Linux affected are: 10.1 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:200 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2963 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts