GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Oct 24, 2006 6:26 pm Post subject: [ GLSA 200610-12 ] Apache mod_tcl: Format string vulnerabili
Gentoo Linux Security Advisory
Title: Apache mod_tcl: Format string vulnerability (GLSA 200610-12)
Severity: high
Exploitable: remote
Date: October 24, 2006
Bug(s): #151359
ID: 200610-12
Synopsis
A format string vulnerability has been found in Apache mod_tcl, which could lead to the remote execution of arbitrary code.
Background
Apache mod_tcl is a TCL interpreting module for the Apache 2.x web server.
Affected Packages
Package: www-apache/mod_tcl
Vulnerable: < 1.0.1
Unaffected: >= 1.0.1
Architectures: All supported architectures
Description
Sparfell discovered format string errors in calls to the set_var function in tcl_cmds.c and tcl_core.c.
Impact
A remote attacker could exploit the vulnerability to execute arbitrary code with the rights of the user running the Apache server.
Workaround
There is no known workaround at this time.
Resolution
All mod_tcl users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apache/mod_tcl-1.0.1"
References
CVE-2006-4154
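The bug class named in the Description, a request value reaching the format position of a printf-style setter, shown beside its corrected form. This is an added example, not code from mod_tcl or from the advisory: store_var, store_untrusted_bad, store_untrusted_ok and has_conversion are hypothetical names, and the sample inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style setter; a stand-in, not mod_tcl's set_var. */
static int store_var(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: the request value sits in the format position. */
static int store_untrusted_bad(char *dst, size_t n, const char *value)
{
    return store_var(dst, n, value);
}

/* Fixed pattern: constant format, request value passed only as data. */
static int store_untrusted_ok(char *dst, size_t n, const char *value)
{
    return store_var(dst, n, "%s", value);
}

/* Triage helper: 1 if s holds a '%' that is not part of a literal "%%". */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] != '%')
            return 1;
        s++; /* skip the second '%' of "%%" */
    }
    return 0;
}

int main(void)
{
    const char *sample = "50%% off"; /* constructed input, safe for both paths */
    char bad[64], ok[64];

    store_untrusted_bad(bad, sizeof bad, sample);
    store_untrusted_ok(ok, sizeof ok, sample);
    printf("bad: [%s]\nok:  [%s]\n", bad, ok);
    printf("needs review: %d\n", has_conversion("%s%x"));
    return 0;
}
```

The flawed wrapper rewrites the stored value because it parses it as a format, while the fixed wrapper stores it byte for byte; has_conversion is only a triage aid for reviewing logged values, and the remedy remains the constant format string.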