diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2005-01-24 20:12:25 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2005-01-24 20:12:25 +0000 |
commit | ad23982e366248409ba6b1516d1ee3aeb9dc5888 (patch) | |
tree | 8343cc265d06b69be5b2d0e2a85e75e28a3df834 /security | |
parent | 9597b04c62f366f0c25b92d07a8232496aa4c5c2 (diff) | |
download | ports-ad23982e366248409ba6b1516d1ee3aeb9dc5888.tar.gz ports-ad23982e366248409ba6b1516d1ee3aeb9dc5888.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index efedde2c846d..99f4ef4b85df 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,42 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="88ff90f2-6e43-11d9-8c87-000a95bc6fae"> + <topic>mod_dosevasive -- insecure temporary file creation</topic> + <affects> + <package> + <name>mod_dosevasive20</name> + <range><ge>0</ge></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>An LSS Security Advisory reports:</p> + <blockquote cite="http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-01"> + <p>When a denial of service attack is detected, + mod_dosevasive will, among other things, create a + temporary file which it will use to trace actions from the + offensive IP address. This file is insecurely created in + /tmp and it's name is easily predictable.</p> + <p>It is then easy for an attacker to create arbitrary files + in any directory that the user under which apache runs has + privileges to write.</p> + <p><em>[...]</em> once the target file is opened, there is a + race attack (although difficult to exploit) which can lead + to mod_dosevasive overwriting any file that the user under + which apache runs has privileges to write.</p> + </blockquote> + </body> + </description> + <references> + <url>http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-01</url> + </references> + <dates> + <discovery>2005-01-04</discovery> + <entry>2005-01-24</entry> + </dates> + </vuln> + <vuln vid="b4d94fa0-6e38-11d9-9e1e-c296ac722cb3"> <topic>squid -- possible cache-poisoning via malformed HTTP responses</topic> |