This is CVE-2010-1151.
A race condition was found in the way mod_auth_shadow used an external helper binary to validate user credentials (username / password pairs). A remote attacker could use this flaw to bypass intended access restrictions, resulting in ability to view and potentially alter resources, which should be otherwise protected by authentication. Acknowledgements: Red Hat would like to thank John Sullivan for responsibly reporting this flaw.
mod_auth_shadow-2.2-8.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc13
mod_auth_shadow-2.2-8.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc12
mod_auth_shadow-2.2-8.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc11
mod_auth_shadow-2.2-4.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-4.el4
mod_auth_shadow-2.2-5.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-5.el5
mod_auth_shadow-2.2-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
mod_auth_shadow-2.2-8.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
mod_auth_shadow-2.2-4.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
mod_auth_shadow-2.2-5.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
mod_auth_shadow-2.2-8.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.