Results 1 to 5 of 5

Thread: mod_frontpage installed, what to do next?

  1. #1
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default mod_frontpage installed, what to do next?

    Hi all, I did a scan on one of my servers and I found that it had a vulnerability
    Code:
    mod_frontpage installed
    The remote host is using the Apache mod_frontpage module.
    
    mod_frontpage older than 1.6.1 is vulnerable to a buffer
    overflow which may allow an attacker to gain root access.
    
    *** Since Nessus was not able to remotely determine the version
    *** of mod_frontage you are running, you are advised to manually
    *** check which version you are running as this might be a false
    *** positive.
    
    If you want the remote server to be remotely secure, we advise
    you do not use this module at all.
    
    Solution : Disable this module
    Risk factor : High
    CVE : CVE-2002-0427
    BID : 4251
    
    Nessus ID : 11303
    Now I have had a look at the server and found that it has version 1.4 so it should be vulnerable. Only thing is I don’t think that there is any public exploits or anything available for this particular vulnerability. So my question is, what is my next step? Could someone point me in the right direction?

  2. #2
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Upgrade it.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default

    Quote Originally Posted by Barry View Post
    Upgrade it.
    The server isn't really accessible to the “outside” world…. I have to create a vpn tunnel into the network to access it… it’s a server I have at home that I use to testing and such… so I am not to worries about the vulnerability being there, I thought it would be a good sort of lesson… well a sort of real world example…

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    The thing I love the most about Linux and Unix is the crystal clear error messages it gives.

    Example of windows error message: ERROR 557.8 << WTF does that mean

    Example of Linux error message:If you want the remote server to be remotely secure, we advise
    you do not use this module at all.

    Not only is there a error it clearly says: Solution : Disable this module

    It seems to me you are fishing for some one to help you with a exploit which I don't think is going to happen. This type of social engineering is pretty lame.
    you asked
    So my question is, what is my next step? Could someone point me in the right direction?
    you were told by nessus:
    If you want the remote server to be remotely secure, we advise
    you do not use this module at all.

    Solution : Disable this module
    Risk factor : High
    and you were told by barry:
    Upgrade it.
    Did you do these things? NO instead you said:
    The server isn't really accessible to the “outside” world…. I have to create a vpn tunnel into the network to access it… it’s a server I have at home that I use to testing and such… so I am not to worries about the vulnerability being there, I thought it would be a good sort of lesson… well a sort of real world example…
    It seems to me if you were truly conducting testing you would have provided info like this in the beginning and I may have believed you.

  5. #5
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Default

    To be honest i didnt see how it would of been relevant...

    Well guess I know for next time to be more descriptive in my initial post from now on

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •