Improved mod_frontpage 是一个apache web服务器的模块,允许使用Frontpage客户端对WEB服务器进行交互。
Improved mod_frontpage 发现存在一个缓冲溢出可以导致远程攻击者破坏WEB服务器,问题存在于fp_exec.c代码中,对内存的拷贝操作没有进行合法的边界检查。
The remote host is using the Apache mod_frontpage module.
mod_frontpage older than 1.6.1 is vulnerable to a buffer
overflow which may allow an attacker to gain root access.*** Since Nessus was not able to remotely determine the version
*** of mod_frontage you are running, you are advised to manually
*** check which version you are running as this might be a false
*** positive.If you want the remote server to be remotely secure, we advise
you do not use this module at all.Solution : Disable this module
Risk factor : High
CVE : CVE-2002-0427
BID : 4251
Nessus ID : 11303
本文Dao Blog - 道博客版权所有,可转载,但需注明出处:http://www.daoblog.com/apache-mod_frontpage-module.html
下篇文章: wget断点续传
上篇文章: 学习Linux的几个地方
"服务器的mod_frontpage漏洞" was posted on Thursday, February 28th, 2008 at 11:05 pm.
