(Mandrake Issues Fix) mod_ssl Format String Error in 'ssl_engine_ext' May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1010794
|
|
SecurityTracker URL: http://securitytracker.com/id?1010794
|
|
CVE Reference: CAN-2004-0700
(Links to External Site)
|
Date: Jul 28 2004
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 2.8.19-1.3.31
|
Description: A format string vulnerability was reported in mod_ssl. In certain cases where Apache mod_proxy is also used, a remote user may be able to cause arbitrary code to be executed on the target user's system.
Ralf S. Engelschall reported that if Apache is used as a proxy and an HTTPS URL such as 'https://foo%s.example.com/' is supplied
and a hostname 'foo%s' exists in the 'example.com' zone, the flaw can reportedly be triggered.
The flaw reportedly resides in
an error message call in 'ssl_engine_ext.c'.
The report credits Virulent <virulent@siyahsapka.org> with reporting a similar bug
(that was reportedly not exploitable) and triggering a review of the code.
|
Impact: A remote user may be able to cause arbitrary code to be executed on the target system in certain cases.
|
Solution: Mandrake has issued a fix.
Mandrakelinux 10.0:
67b5f2830144f4f23252c6e790024913 10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.i586.rpm
bc3d01ea44136b134f465f9477f4907c 10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0e20fd551d0db86fb01bf1cac1fc0d00
amd64/10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.amd64.rpm
bc3d01ea44136b134f465f9477f4907c amd64/10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Corporate Server 2.1:
ced0b61893293095a5f229728e4cbdb2 corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.i586.rpm
543976686dac61408092c2d90faf45be
corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
200c8254e7bbd46c8f9d5288803d33a1 x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C
21mdk.x86_64.rpm
543976686dac61408092c2d90faf45be x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Mandrakelinux
9.1:
e58304a3bbc0581e643e5609e95b8230 9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.i586.rpm
c752c0ae8d6d034eb61c1a967e0e50f0 9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
c3ad8be79ca34e4a08d9d50d8c0e2178 ppc/9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.ppc.rpm
c752c0ae8d6d034eb61c1a967e0e50f0
ppc/9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.2:
51a525a5e2da3af2812d6f502dcb55ea 9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.i586.rpm
faf4f30d6757b581b407e6dc645e17c0 9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
daf5b6b738aa5010619fc2cdf8817112
amd64/9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.amd64.rpm
faf4f30d6757b581b407e6dc645e17c0 amd64/9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Multi Network Firewall 8.2:
03dd0105896ff42ed4cd1fe48d3f62d7 mnf8.2/RPMS/mod_ssl-2.8.7-3.4.M82mdk.i586.rpm
7c306e82940c73410ccf8e9bb635adea
mnf8.2/SRPMS/mod_ssl-2.8.7-3.4.M82mdk.src.rpm
|
Vendor URL: www.modssl.org/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Mandrake)
|
Underlying OS Comments: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2
|
Reported By: Mandrake Linux Security Team <security@linux-mandrake.com>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: 28 Jul 2004 01:26:08 -0000
From: Mandrake Linux Security Team <security@linux-mandrake.com>
Subject: [Full-Disclosure] MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: mod_ssl
Advisory ID: MDKSA-2004:075
Date: July 27th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
Ralf S. Engelschall found a remaining risky call to ssl_log while
reviewing code for another issue reported by Virulent. The updated
packages are patched to correct the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0700
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
67b5f2830144f4f23252c6e790024913 10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.i586.rpm
bc3d01ea44136b134f465f9477f4907c 10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
0e20fd551d0db86fb01bf1cac1fc0d00 amd64/10.0/RPMS/mod_ssl-2.8.16-1.2.100mdk.amd64.rpm
bc3d01ea44136b134f465f9477f4907c amd64/10.0/SRPMS/mod_ssl-2.8.16-1.2.100mdk.src.rpm
Corporate Server 2.1:
ced0b61893293095a5f229728e4cbdb2 corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.i586.rpm
543976686dac61408092c2d90faf45be corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
200c8254e7bbd46c8f9d5288803d33a1 x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.4.C21mdk.x86_64.rpm
543976686dac61408092c2d90faf45be x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.4.C21mdk.src.rpm
Mandrakelinux 9.1:
e58304a3bbc0581e643e5609e95b8230 9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.i586.rpm
c752c0ae8d6d034eb61c1a967e0e50f0 9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
c3ad8be79ca34e4a08d9d50d8c0e2178 ppc/9.1/RPMS/mod_ssl-2.8.12-8.2.91mdk.ppc.rpm
c752c0ae8d6d034eb61c1a967e0e50f0 ppc/9.1/SRPMS/mod_ssl-2.8.12-8.2.91mdk.src.rpm
Mandrakelinux 9.2:
51a525a5e2da3af2812d6f502dcb55ea 9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.i586.rpm
faf4f30d6757b581b407e6dc645e17c0 9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
daf5b6b738aa5010619fc2cdf8817112 amd64/9.2/RPMS/mod_ssl-2.8.15-1.2.92mdk.amd64.rpm
faf4f30d6757b581b407e6dc645e17c0 amd64/9.2/SRPMS/mod_ssl-2.8.15-1.2.92mdk.src.rpm
Multi Network Firewall 8.2:
03dd0105896ff42ed4cd1fe48d3f62d7 mnf8.2/RPMS/mod_ssl-2.8.7-3.4.M82mdk.i586.rpm
7c306e82940c73410ccf8e9bb635adea mnf8.2/SRPMS/mod_ssl-2.8.7-3.4.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBBwCwmqjQ0CJFipgRAvsqAJ4uzwldl0Yf+paawKs3W1wFZF/uQQCfT2pL
yKWNwpXW9uoHgKYcFbnoho0=
=itL+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
