Nessus Plugin #14974
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA137] DSA-137-1 mm
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-137-1 mm
- Version:
- $Revision: 1.4 $
- Cve_id:
- CVE-2002-0658
- Bugtraq_id:
- 5352
- Xrefs:
- DSA:137
- Description:
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary
file vulnerability in the mm shared memory library. This problem can
be exploited to gain root access to a machine running Apache which is
linked against this library, if shell access to the user &ldquo
www-data&rdquo
is already available (which could easily be triggered through PHP).
This problem has been fixed in the upstream version 1.2.0 of mm, which
will be uploaded to the unstable Debian distribution while this
advisory is released. Fixed packages for potato (Debian 2.2) and
woody (Debian 3.0) are linked below.
We recommend that you upgrade your libmm packages immediately and
restart your Apache server.
Solution : http://www.debian.org/security/2002/dsa-137
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.