Mageia 6: MGASA-2018-0474 Moderate: Apache mod_perl Code Threat

mageia

December 2, 2018

A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documen...

Summary

A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackersto execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes (CVE-2011-2767).

References

- https://bugs.mageia.org/show_bug.cgi?id=23541

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3GS7G4X3FRAUBMBVQ4QXZAGZH2JIMG4/

- https://www.cve.org/CVERecord?id=CVE-2011-2767

Topics Covered

security advisory moderate code execution access control htaccess Mageia apache-mod_perl

Resolution

SRPMS

- 6/core/apache-mod_perl-2.0.10-1.1.mga6

Publication date: 02 Dec 2018

URL: https://advisories.mageia.org/MGASA-2018-0474.html

Type: security

CVE: CVE-2011-2767

Topics Covered

security advisory moderate code execution access control htaccess Mageia apache-mod_perl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks