Get the LinuxSecurity news you want faster with RSS
Powered By
Pardus: Apache: Security Bypass
Posted by Benjamin D. Thomas
A security issue has been reported in Apache HTTP Server, which can be exploited by malicious, local users to bypass certain security restrictions.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-88 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-06-13
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been reported in Apache HTTP Server, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Description
===========
The security issue is caused due to an error when processing
"AllowOverride" directives and certain "Options" arguments in
".htaccess" files, which can be exploited to e.g. execute commands via
Server Side Includes.
Affected packages:
Pardus 2008:
apache, all before 2.2.11-29-8
Resolution
==========
There are update(s) for apache. You can update them via Package Manager
or with a single command from console:
pisi up apache
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9843
* http://svn.apache.org/viewvc?view=rev&revision=772997
* http://secunia.com/advisories/35261/2/
