CVE-2002-0427 - Unspecified vulnerability in Christof Pohl Improved MOD Frontpage
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

christof-pohl
nessus
Summary
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2002-021.NASL
- description: A problem was found in versions of improved mod_frontpage prior to 1.6.1 regarding a lack of boundary checks in fpexec.c. This means that the suid root binary is exploitable for buffer overflows. This could be exploited by remote attackers to execute arbitrary code on the server with superuser privileges. Although there are no known exploits available, if you use mod_frontpage you are strongly encouraged to upgrade. This update for Mandrake Linux has been completely reworked and is easier to configure and use, as well as supporting the new FrontPage 2002 extensions.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 13929
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/13929
- title: Mandrake Linux Security Advisory : mod_frontpage (MDKSA-2002:021)

- NASL family: Web Servers
- NASL id: MOD_FRONTPAGE.NASL
- description: The remote host is using the Apache mod_frontpage module. mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow that could allow an attacker to gain root access. Since Nessus was not able to remotely determine the version of mod_frontpage you are running, you are advised to manually check which version you are running as this might be a false positive. If you want the remote server to be remotely secure, we advise you do not use this module at all.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 11303
- published: 2003-03-02
- reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/11303
- title: mod_frontpage for Apache fpexec Remote Overflow
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:17.mod_frontpage.asc
- http://www.iss.net/security_center/static/8400.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-021.php
- http://www.securityfocus.com/bid/4251