SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Mod_ssl Vendors:   Modssl.org
(Trustix Issues Fix) Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010365
SecurityTracker URL:  http://securitytracker.com/id/1010365
CVE Reference:   CAN-2004-0488   (Links to External Site)
Date:  Jun 2 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in Apache mod_ssl. A remote user may be able to execute arbitrary code on the target system in certain situations.

Georgi Guninski reported that the ssl_util_uuencode_binary() function in 'ssl_util.c' may allow a remote user to supply a specially crafted Subject-DN in a client certificate to trigger the overflow. According to OpenPKG, the overflow resides in the "SSLOptions +FakeBasicAuth" implementation of mod_ssl and can be triggered if the Subject-DN is longer than 6 KB and mod_ssl is configured to trust the certificate's issuing CA.
Impact:   A remote user may be able to execute arbitrary code on the target system in certain cases.
Solution:   Trustix has released a fix, available at:

http://http.trustix.org/pub/trustix/updates/
ftp://ftp.trustix.org/pub/trustix/updates/

The MD5sums of the packages are:

3ed253daf8927be60212442a3050f691 tsel-2/apache-2.0.49-7tr.i586.rpm
9fb3d9424f6fc1ec4289712a20899fa7 tsel-2/apache-dbm-2.0.49-7tr.i586.rpm
9fe83b2b8894d2980f7854b42d5c026b tsel-2/apache-devel-2.0.49-7tr.i586.rpm
36b13c423f17d903616a7483264370eb tsel-2/apache-manual-2.0.49-7tr.i586.rpm

79942721f12067c42160376c853d4f49 2.1/rpms/apache-2.0.49-7tr.i586.rpm
c6cb07a964b4147f208b20fd6f4ab5ba 2.1/rpms/apache-dbm-2.0.49-7tr.i586.rpm
8b3739ca31dc03d0e48771ea220f21b1 2.1/rpms/apache-devel-2.0.49-7tr.i586.rpm
a9f53eed9b923741c77432bdfbfc91e4 2.1/rpms/apache-manual-2.0.49-7tr.i586.rpm

9e142f0ccbc2978e76cfeb0aa6085143 2.0/rpms/apache-2.0.49-2tr.i586.rpm
c9fc1991963a238c48c9b82c0c00def4 2.0/rpms/apache-devel-2.0.49-2tr.i586.rpm
8bad2bf97c4fb5e8cb65aec53b0dec31 2.0/rpms/apache-manual-2.0.49-2tr.i586.rpm

1b6c4c97d574094142525409a75dc706 1.5/rpms/apache-1.3.31-2tr.i586.rpm
9c0db86b4fe6f0d689bfcb7a404a8530 1.5/rpms/apache-devel-1.3.31-2tr.i586.rpm
Vendor URL:  www.modssl.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Trustix)

Message History:   This archive entry is a follow-up to the message listed below.
May 28 2004 Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Wed, 2 Jun 2004 13:57:03 +0200
Subject:  TSLSA-2004-0031 - apache


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0031

Package name:      apache
Summary:           
Date:              2004-06-02
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Enterprise Linux 2

- --------------------------------------------------------------------------
Package description:
  Apache is a full featured web server that is freely available,
  and also happens to be the most widely used. Built with loadable modules
  (all standard modules enabled). This verion is intended as a replacement
  for a standard apache, the configuration files provided with apache and
  apache-ssl are unchanged.

Problem description:
  Stack-based buffer overflow in the ssl_util_uuencode_binary function
  in ssl_util.c for Apache mod_ssl when mod_ssl is configured to trust
  the issuing CA, may allow remote attackers to execute arbitrary code
  via a client certificate with a long subject DN.
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  Most updates for Trustix Secure Linux are made available for public
  testing some time before release.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://tsldev.trustix.org/horizon/>

  You may also use swup for public testing of updates:
  
  site {
      class = 0
      location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/> and
  <URI:http://www.trustix.org/errata/trustix-2.1/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0031>


MD5sums of the packages:
- --------------------------------------------------------------------------
3ed253daf8927be60212442a3050f691  tsel-2/apache-2.0.49-7tr.i586.rpm
9fb3d9424f6fc1ec4289712a20899fa7  tsel-2/apache-dbm-2.0.49-7tr.i586.rpm
9fe83b2b8894d2980f7854b42d5c026b  tsel-2/apache-devel-2.0.49-7tr.i586.rpm
36b13c423f17d903616a7483264370eb  tsel-2/apache-manual-2.0.49-7tr.i586.rpm

79942721f12067c42160376c853d4f49  2.1/rpms/apache-2.0.49-7tr.i586.rpm
c6cb07a964b4147f208b20fd6f4ab5ba  2.1/rpms/apache-dbm-2.0.49-7tr.i586.rpm
8b3739ca31dc03d0e48771ea220f21b1  2.1/rpms/apache-devel-2.0.49-7tr.i586.rpm
a9f53eed9b923741c77432bdfbfc91e4  2.1/rpms/apache-manual-2.0.49-7tr.i586.rpm

9e142f0ccbc2978e76cfeb0aa6085143  2.0/rpms/apache-2.0.49-2tr.i586.rpm
c9fc1991963a238c48c9b82c0c00def4  2.0/rpms/apache-devel-2.0.49-2tr.i586.rpm
8bad2bf97c4fb5e8cb65aec53b0dec31  2.0/rpms/apache-manual-2.0.49-2tr.i586.rpm

1b6c4c97d574094142525409a75dc706  1.5/rpms/apache-1.3.31-2tr.i586.rpm
9c0db86b4fe6f0d689bfcb7a404a8530  1.5/rpms/apache-devel-1.3.31-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAvasWi8CEzsK9IksRAiiJAKC4/SdufzfeIf229QRGoiuFvXw8wQCgpIcc
NTKAMgzA8/USoadLVWbIKi0=
=dlj+
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC