[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] buffer overflow in mod_ssl
- To: linux-security
- Subject: [linux-security] buffer overflow in mod_ssl
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 8 Aug 2002 19:25:44 -0700
- User-Agent: Mutt/1.4i
Topic
=====
buffer overflow in mod_ssl package allows priviledge elevation
Problem Description
===================
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a
single NULL overflow that can cause arbitrary code execution.
In order to exploit this vulnerability, the Apache Web server has to be
configured to allow overriding of configuration settings on a per-directory
basis, and untrusted local users must be able to modify a directory in
which the server is configured to allow overriding. The local attacker may
then become the user that Apache is running as (usually 'www' or 'nobody').
Note that regardless of this bug, local users can obtain the same
privileges if the server is configured to allow them to create CGI scripts
which run as the Web server user, or if PHP is enabled but not configured
in "safe mode".
Affected Systems
================
web servers with mod_ssl versions < 2.8.10
Solution
========
Upgrade to mod_ssl-2.8.10 (or patched version for your distribution)
RedHat 7.0, 7.1
---------------
rpm -Fvh mod_ssl-2.8.5-5.i386.rpm
RedHat 7.2
----------
rpm -Fvh mod_ssl-2.8.5-6.i386.rpm
RedHat 7.3
----------
rpm -Fvh mod_ssl-2.8.7-6.i386.rpm
Debian 2.2 (potato)
-------------------
upgrade to libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.deb
Debian 3.0 (woody)
------------------
upgrade to libapache-mod-ssl_2.8.9-2_i386.deb
SuSE 7.0
--------
rpm -Fvh apache-1.3.19-128.i386.rpm \
mod_ssl-2.8.2-38.i386.rpm \
mod_perl-1.24-147.i386.rpm \
mod_php4-4.0.4pl1-135.i386.rpm \
mod_php-3.0.17RC1-58.i386.rpm \
backhand-1.1.0-111.i386.rpm \
mod_dav-1.0.0-76.i386.rpm \
jserv-1.1.2-502.i386.rpm \
authldap-1.4.3-128.i386.rpm \
midgard-1.2.5-139.i386.rpm \
modcontr-1.0.7-180.i386.rpm
SuSE 7.1
--------
rpm -Fvh apache-1.3.19-126.i386.rpm \
mod_ssl-2.8.1-3.i386.rpm \
mod_perl-1.24-154.i386.rpm \
mod_php4-4.0.4pl1-142.i386.rpm \
mod_php-3.0.17RC1-65.i386.rpm \
backhand-1.1.0-120.i386.rpm \
mod_dav-1.0.2-460.i386.rpm \
jserv-1.1.2-521.i386.rpm \
mod_python-2.7.1-40.i386.rpm \
authldap-1.4.3-135.i386.rpm \
apache-contrib-1.0.8-44.i386.rpm
SuSE 7.2
--------
rpm -Fvh apache-1.3.19-127.i386.rpm \
apache-devel-1.3.19-127.i386.rpm \
apache-doc-1.3.19-127.i386.rpm \
mod_ssl-2.8.3-60.i386.rpm \
mod_perl-1.25-77.i386.rpm \
mod_php4-4.0.6-179.i386.rpm \
mod_php4-core-4.0.6-179.i386.rpm \
backhand-1.1.0-121.i386.rpm \
mod_dav-1.0.2-461.i386.rpm \
jserv-1.1.2-522.i386.rpm \
mod_python-2.7.2-79.i386.rpm \
authldap-1.4.8-121.i386.rpm \
apache-contrib-1.0.9-385.i386.rpm \
midgard-1.4-218.i386.rpm
SuSE 7.3
--------
rpm -Fvh apache-1.3.20-70.i386.rpm \
apache-devel-1.3.20-70.i386.rpm \
apache-doc-1.3.20-70.i386.rpm \
mod_ssl-2.8.4-70.i386.rpm \
mod_perl-1.26-348.i386.rpm \
mod_php4-4.0.6-179.i386.rpm \
mod_php4-aolserver-4.0.6-179.i386.rpm \
mod_php4-core-4.0.6-179.i386.rpm \
mod_php4-servlet-4.0.6-179.i386.rpm \
backhand-1.2.0-251.i386.rpm \
mod_dav-1.0.2-462.i386.rpm \
jserv-1.1.2-524.i386.rpm \
mod_python-2.7.5-128.i386.rpm \
authldap-1.6.0-321.i386.rpm \
apache-contrib-1.0.9-386.i386.rpm \
midgard-1.4-219.i386.rpm
SuSE 8.0
--------
rpm -Fvh apache-1.3.23-137.i386.rpm \
apache-devel-1.3.23-137.i386.rpm \
apache-doc-1.3.23-137.i386.rpm \
mod_ssl-2.8.7-105.i386.rpm \
mod_perl-1.26-347.i386.rpm \
mod_php4-4.1.0-244.i386.rpm \
mod_php4-aolserver-4.1.0-244.i386.rpm \
mod_php4-core-4.1.0-244.i386.rpm \
mod_php4-servlet-4.1.0-244.i386.rpm \
mod_php4-devel-4.1.0-244.i386.rpm \
backhand-1.2.1-117.i386.rpm \
mod_dav-1.0.2-461.i386.rpm \
jserv-1.1.2-523.i386.rpm \
mod_python-2.7.6-234.i386.rpm \
authldap-1.6.0-320.i386.rpm \
apache-contrib-1.0.9-385.i386.rpm \
midgard-1.4.2-231.i386.rpm
Caldera OpenLinux 3.1.1, 3.1 (Server, Workstation)
--------------------------------------------------
rpm -Fvh mod_ssl-2.8.5_1.3.22-3.i386.rpm \
mod_ssl-sxnet-2.8.5_1.3.22-3.i386.rpm