Secunia Security Advisory - David Herselman has reported a security issue in the mod_auth_shadow module for Apache, which potentially can be exploited by malicious people to bypass certain security restrictions.
9851fb148489afcf16cd1bad6cc28d45708d12d654fc7682257f02fff4ed6f20
TITLE:
Apache mod_auth_shadow Module "require group" Incorrect
Authentication
SECUNIA ADVISORY ID:
SA17060
VERIFY ADVISORY:
http://secunia.com/advisories/17060/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
SOFTWARE:
mod_auth_shadow (module for Apache)
http://secunia.com/product/2811/
DESCRIPTION:
David Herselman has reported a security issue in the mod_auth_shadow
module for Apache, which potentially can be exploited by malicious
people to bypass certain security restrictions.
The problem is that the mod_auth_shadow authentication scheme is
automatically used when using the "require group" directive in a
".htaccess" file, which may be different than the intended HTTP
authentication scheme.
SOLUTION:
Update to version 1.5 or 2.1.
http://sourceforge.net/project/showfiles.php?group_id=11283
PROVIDED AND/OR DISCOVERED BY:
David Herselman
ORIGINAL ADVISORY:
Debian:
http://www.debian.org/security/2005/dsa-844
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------