Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.50942 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2003:114 |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing updates announced in advisory RHSA-2003:114. The Web server module mod_auth_any allows the Apache httpd server to call arbitrary external programs to verify user passwords. Vulnerabilities have been found in versions of mod_auth_any included in Red Hat Enterprise Linux concerning the method by which mod_auth_any escapes shell arguments when calling external programs. These vulnerabilities allow remote attackers to run arbitrary commands as the user under which the Web server is running. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0084 to these issues. All users are advised to upgrade to these errata packages, which change the method by which external programs are invoked and, therefore, make these programs invulnerable to these issues. Red Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing these issues to our attention. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-114.html Risk factor : High CVSS Score: 7.5 |
Cross-Ref: |
BugTraq ID: 7448 Common Vulnerability Exposure (CVE) ID: CVE-2003-0084 http://www.securityfocus.com/bid/7448 Computer Incident Advisory Center Bulletin: N-090 http://www.ciac.org/ciac/bulletins/n-090.shtml http://www.redhat.com/support/errata/RHSA-2003-113.html RedHat Security Advisories: RHSA-2003:114 http://rhn.redhat.com/errata/RHSA-2003-114.html XForce ISS Database: modauthany-command-execution(11893) https://exchange.xforce.ibmcloud.com/vulnerabilities/11893 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |