rPSA-2009-0142-2 httpd mod_ssl
Nov 13 2009 01:02AM
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2009-0142-2
2009-11-12 updated to reference CVE-2009-1891
rPath Appliance Platform Linux Service 2
rPath Linux 2
Exposure Level Classification:
Local System User Deterministic Privilege Escalation
rPath Issue Tracking System:
Previous versions of httpd do not properly handle Options=IncludesNOEXEC
in the AllowOverride directive, which allows local users to gain
privileges via a specially crafted .htaccess file combined with an exec
element in a .shtml file.
Additionally, two similar vulnerabilities exist -- one in mod_proxy,
and one in mod_deflate -- which could allow a remote attacker
to cause a denial of service (CPU consumption) via crafted requests.
These three issues have been addressed in this release.
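
To find the directories where a configuration relies on the Options=IncludesNOEXEC restriction described above, the following added example (not part of rPath's advisory or of httpd) scans httpd configuration text for AllowOverride directives that use it. The function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample httpd configuration (not taken from the advisory).
SAMPLE_CONF = """\
<Directory "/var/www/html">
    AllowOverride None
</Directory>
<Directory "/home/*/public_html">
    # users may turn on SSI, but without exec
    AllowOverride FileInfo Options=Indexes,IncludesNOEXEC
</Directory>
<Directory "/srv/app">
    AllowOverride Options=Indexes
</Directory>
"""

SECTION_OPEN = re.compile(r'^<Directory(?:Match)?\s+"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'^</Directory(?:Match)?\s*>', re.I)
ALLOW_OVERRIDE = re.compile(r'^AllowOverride\s+(.+)$', re.I)


def find_includesnoexec_overrides(conf_text):
    """Return (directory, line_number) for each AllowOverride whose Options= list has IncludesNOEXEC."""
    findings = []
    sections = []  # stack of enclosing <Directory> arguments
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # httpd comments occupy whole lines
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            sections.append(opened.group(1))
            continue
        if SECTION_CLOSE.match(line):
            del sections[-1:]  # pop, tolerating an unbalanced close tag
            continue
        directive = ALLOW_OVERRIDE.match(line)
        if not directive:
            continue
        for token in directive.group(1).split():
            name, _, value = token.partition("=")
            allowed = [opt.strip().lower() for opt in value.split(",")]
            if name.lower() == "options" and "includesnoexec" in allowed:
                findings.append((sections[-1] if sections else "<global>", line_no))
    return findings


if __name__ == "__main__":
    for directory, line_no in find_includesnoexec_overrides(SAMPLE_CONF):
        print(f"line {line_no}: {directory} limits .htaccess to IncludesNOEXEC")
```

Directories it reports are the ones to prioritise when confirming that the updated httpd package is installed.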
Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
Copyright 2010, SecurityFocus