CVE-2009-1195
CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.htmlhttp://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2http://marc.info/?l=bugtraq&m=129190899612998&w=2http://osvdb.org/54733https://bugzilla.redhat.com/show_bug.cgi?id=489436http://secunia.com/advisories/35261http://secunia.com/advisories/35264http://secunia.com/advisories/35395http://secunia.com/advisories/35453http://secunia.com/advisories/35721http://secunia.com/advisories/37152