Download
| Alert*
|
oval:org.secpod.oval:def:300200
A vulnerability has been found and corrected in apache-mod_auth_shadow: A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials . A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and p ... oval:org.secpod.oval:def:100169 When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid ... oval:org.secpod.oval:def:100253 When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid ... oval:org.secpod.oval:def:100707 When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid ... |
