[Phpwm] mod_frontpage

Phil Beynon phil at infolinkelectronics.co.uk
Fri Feb 8 11:14:15 GMT 2008


Hi Andy,
I didn't know you were on here mate!

It is actually disabled on the Raq, in that it's deactivated within the GUI
etc, however what I am doing is the Security Metrics credit card merchant
compliance testing and somehow it's seeing the module is there and
potentially available and is coming back with;

The remote host is using the Apache mod_frontpage module. mod_frontpage
older than 1.6.1 is vulnerable to a buffer overflow which may allow an
attacker to gain root access. *** Since SMetrics was not able to remotely
determine the version *** of mod_frontage you are running, you are advised
to manually *** check which version you are running as this might be a false
*** positive. If you want the remote server to be remotely secure, we advise
you do not use this module at all. Solution: Disable this module Risk
Factor: High CVE : CVE-2002-0427 BID : 425

It's really just about the only thing that's giving grief on this now, apart
from tweaking the PHP and MySQL versions to the latest - I've even managed
to update BIND and stop the DNS recursion lookups.

Phil


> Hi Phil,
>
> Are you actually using mod_frontpage for anything? Why not just
> disable it?
>
>
> A.
>
> -----Original Message-----
> From: phpwm-bounces at mailman.lug.org.uk
> [mailto:phpwm-bounces at mailman.lug.org.uk] On Behalf Of Phil Beynon
> Sent: 07 February 2008 12:47
> To: West Midlands PHP User Group
> Subject: RE: [Phpwm] mod_frontpage
>
> > | How do I tell the installed version of the mod_frontpage bit
> > under apache?
> > |
> >
> >
> > Look at /server-status (or is it /server-info ?)
> >
> > (Guess)
> >
> > David.
>
>
> Hi David,
>
> Where's that / that done?
>
> What I'm doing is trying to make our servers compliant under this
> new crap the credit card companies are forcing in regarding
> server security, and it's coming up with; <quote>
>
> The remote host is using the Apache mod_frontpage module.
> mod_frontpage older than 1.6.1 is vulnerable to a buffer overflow
> which may allow an attacker to gain root access. *** Since
> SMetrics was not able to remotely determine the version *** of
> mod_frontage you are running, you are advised to manually ***
> check which version you are running as this might be a false
> *** positive. If you want the remote server to be remotely
> secure, we advise you do not use this module at all. Solution:
> Disable this module Risk
> Factor: High CVE : CVE-2002-0427 BID : 4251
>
> </quote>
>
> Right now I have no idea what version this is actually running.
>
> Phil
>
> Wave Rider Internet is a trading style of OpenSense Ltd.
> Registered in England and Wales No 04999653