Full Disclosure mailing list archives
rPSA-2006-0139-1 httpd mod_ssl
From: "Justin M. Forbes" <jmforbes () rpath com>
Date: Fri, 28 Jul 2006 15:16:19 -0400
rPath Security Advisory: 2006-0139-1
Published: 2006-07-28
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Remote System User Deterministic Unauthorized Access
Updated Versions:
    httpd=/conary.rpath.com@rpl:devel//1/2.0.59-0.1-1
    mod_ssl=/conary.rpath.com@rpl:devel//1/2.0.59-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
    https://issues.rpath.com/browse/RPL-538

Description:
    Previous versions of the httpd package contain a vulnerability in
    the mod_rewrite module. In some configurations, this vulnerability
    provides a remote attacker an opportunity to run arbitrary code as
    the httpd user.

    The default configuration of the httpd package is not vulnerable
    to this attack because it does not provide any mod_rewrite rules
    that would enable the vulnerability.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/