Vulnerabilities > CVE-2002-0427 - Buffer Overflow vulnerability in Improved mod_frontpage

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

nessus

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.

Part	Description	Count
Application	Christof_Pohl Christof Pohl Improved MOD Frontpage 1.3.2 Christof Pohl Improved MOD Frontpage 1.4.1 Christof Pohl Improved MOD Frontpage 1.5 Christof Pohl Improved MOD Frontpage 1.5.1	4

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2002-021.NASL
description	A problem was found in versions of improved mod_frontpage prior to 1.6.1 regarding a lack of boundary checks in fpexec.c. This means that the suid root binary is exploitable for buffer overflows. This could be exploited by remote attackers to execute arbitrary code on the server with superuser privileges. Although there are no known exploits available, if you use mod_frontpage you are strongly encouraged to upgrade. This update for Mandrake Linux has been completely reworked and is easier to configure and use, as well as supporting the new FrontPage 2002 extensions.
last seen	2020-06-01
modified	2020-06-02
plugin id	13929
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13929
title	Mandrake Linux Security Advisory : mod_frontpage (MDKSA-2002:021)

NASL family	Web Servers
NASL id	MOD_FRONTPAGE.NASL
description	The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow that could allow an attacker to gain root access. * Since Nessus was not able to remotely determine the version * of mod_frontage you are running, you are advised to manually * check which version you are running as this might be a false * positive. If you want the remote server to be remotely secure, we advise you do not use this module at all.
last seen	2020-06-01
modified	2020-06-02
plugin id	11303
published	2003-03-02
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11303
title	mod_frontpage for Apache fpexec Remote Overflow