ProCheckUp Identifies Multiple Vulnerabilities in Linux-Mandrake
CERT is set to publish details of the vulnerabilities discovered by Internet security company ProCheckUp Ltd in Linux-Mandrake, the leading Linux distribution by volume.
1. Mandrake has supplied a number of Apache sample programs that give attackers detailed information about the Apache server configuration (CERT Reference VU#898480).
2. Mandrake has also configured a perl-proxy/management port on port 8200, which may be configured differently from port 80 or port 443. It may be used as a backdoor into websites that are configured to use only encrypted links (CERT Reference VU#927256).
3. The default Linux-Mandrake Apache web server configuration sets all created directories as browsable, so a remote attacker is able to list all files in the targeted directories (CERT Reference VU#913704).
Further details can be found at: www.procheckup.com/vuln.html (PR01-03, PR01-06, PR01-07).
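An administrator can check an Apache configuration for the conditions described in items 2 and 3. The script below is an added example, not code from ProCheckUp, CERT or Mandrake; the sample configuration is constructed, and the rule that only ports 80 and 443 should be listening is an assumption to adjust per site.

```python
import re

EXPECTED_PORTS = {80, 443}  # assumption: only HTTP and HTTPS should be exposed

# Constructed sample configuration (not taken from a Linux-Mandrake system).
SAMPLE_CONF = """\
Port 80
Listen 443
Listen 8200
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/private>
    Options -Indexes
</Directory>
<Directory "/var/www/app">
    Options +Indexes +Includes
</Directory>
"""

def audit(conf_text, expected_ports=EXPECTED_PORTS):
    """Return (unexpected_ports, browsable_dirs) found in Apache config text."""
    extra_ports, browsable, current_dir = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if m:                                  # entering a <Directory> block
            current_dir = m.group(1).strip()
            continue
        if re.match(r"</Directory\s*>", line, re.I):
            current_dir = None
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name in ("listen", "port") and args:
            # Accept "8200", "10.0.0.1:8200" and "[::]:8200" forms.
            port = args[0].rsplit(":", 1)[-1]
            if port.isdigit() and int(port) not in expected_ports:
                extra_ports.append(int(port))
        elif name == "options":
            # Indexes (also implied by All) lets Apache list a directory
            # that has no index file.
            if any(a.lower() in ("indexes", "+indexes", "all") for a in args):
                browsable.append(current_dir or "<server-wide>")
    return extra_ports, browsable

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
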
IMPORTANT NOTICE:
More vulnerabilities are due for publication soon, so bookmark this page and keep checking it.