115606 : [GLSA-200411-03] Apache 1.3: Buffer Overflow Vulnerability In Mod_include

Risk 4 : Gentoo Local Checks

The remote host is affected by the vulnerability described in GLSA-200411-03 (Apache 1.3: Buffer overflow vulnerability in mod_include)

A possible buffer overflow exists in the get_tag() function of mod_include.c. Impact

If Server Side Includes (SSI) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process by making use of a specially-crafted document with malformed SSI. Workaround

There is no known workaround at this time.

Solution:
All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-1.3.32-r1"
References:
CVSS Information:
Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Tenable : 2009-12-04
New Search
Keywords
Risk Factor
Start Date
End Date
Browse