Support / Sécurité / Annonces de sécurité / Mandrakelinux 8.1 / MDKSA-2002:021

Nom du paquet: mod_frontpage
Date: 2002-03-07
Advisory ID: MDKSA-2002:021
Affected versions: 8.1 i586 , 8.0 i586 , 8.1 i586 , 8.0 i586

Problem description

A problem was found in versions of improved mod_frontpage prior to 1.6.1 regarding a lack of boundary checks in fpexec.c. This means that the suid root binary is exploitable for buffer overflows. This could be exploited by remote attackers to execute arbitrary code on the server with superuser privileges. Although there are no known exploits available, if you use mod_frontpage you are strongly encouraged to upgrade. This update for Mandrake Linux has been completely reworked and is easier to configure and use, as well as supporting the new FrontPage 2002 extensions.

Updated packages

8.1 i586

 8c2baeebb796353035f8816ed6cdfbed  8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

8.0 i586

 0b2760b21addbe6396be4abe6be97305  8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

8.1 i586

 9d175e164af2e6a39c2d4576e543752e  ia64/8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.ia64.rpm
2fb9a89afd1385ab60c894f6985284e7  ia64/8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

8.0 i586

 009635a52c08313eede64f30fff223f2  ppc/8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.ppc.rpm
2fb9a89afd1385ab60c894f6985284e7  ppc/8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm