Fedora Update For Mod_auth_shadow FEDORA-2010-6323 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as &quot nobody&quot . mod_auth_shadow addresses this difficulty by opening a pipe to an suid root program, validate, which does the actual validation. When there is a failure, validate writes an error message to the system log, and waits three seconds before exiting.

Affected

mod_auth_shadow on Fedora 11

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1151

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Fedora Core 10 FEDORA-2009-1525 (xine-lib)
Fedora Core 10 FEDORA-2009-2859 (weechat)
Fedora Core 10 FEDORA-2009-1289 (gnumeric)
Fedora Core 10 FEDORA-2009-4175 (drupal)
Fedora Core 10 FEDORA-2009-5513 (jetty)

Fedora Update for mod_auth_shadow FEDORA-2010-6323

Take action and discover your vulnerabilities