Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200406-05 ] Apache: Buffer overflow in mod_ssl
Date: Wed, 09 Jun 2004 19:17:27
Message-Id: 40C7620A.5090907@gentoo.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200406-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Apache: Buffer overflow in mod_ssl
      Date: June 09, 2004
      Bugs: #51368
        ID: 200406-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in mod_ssl may allow a remote attacker to execute code when
Apache is configured in a certain way.

Background
==========

Apache is the most popular Web server on the Internet. mod_ssl provides
Secure Sockets Layer encryption and authentication to Apache 1.3.
Apache 2 contains the functionality of mod_ssl.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /    Vulnerable    /                  Unaffected
    -------------------------------------------------------------------
  1  net-www/mod_ssl        < 2.8.18                         >= 2.8.18
  2  net-www/apache       <= 2.0.49-r2                           < 2.0
                                                          >= 2.0.49-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead
to a remote buffer overflow on a server configured to use FakeBasicAuth
that will trust a client certificate with an issuing CA with a subject
DN longer than 6k.

Impact
======

Given the right server configuration, an attacker could cause a Denial
of Service or execute code as the user running Apache, usually
"apache". It is thought to be impossible to exploit this to execute
code on the x86 platform, but the possibility for other platforms is
unknown. This does not preclude a DoS on x86 systems.

Workaround
==========

A server should not be vulnerable if it is not configured to use
FakeBasicAuth and to trust a client CA with a long subject DN.

Resolution
==========

Apache 1.x users should upgrade to the latest version of mod_ssl:

    # emerge sync

    # emerge -pv ">=net-www/mod_ssl-2.8.18"
    # emerge ">=net-www/mod_ssl-2.8.18"

Apache 2.x users should upgrade to the latest version of Apache:

    # emerge sync

    # emerge -pv ">=net-www/apache-2.0.49-r3"
    # emerge ">=net-www/apache-2.0.49-r3"

References
==========

  [ 1 ] CAN-2004-0488
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200406-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Technologies, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAx2IKvcL1obalX08RAptlAJ9LVvRZ+JzIaFwgq0B3OZ0Q2o2AGgCfTDr7
r2p6/K12qtQnHqtIdAhkFL4=
=tQf1
-----END PGP SIGNATURE-----
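
The Workaround section ties exposure to FakeBasicAuth being enabled. The
script below is an added example, not part of the advisory or of Gentoo's
tooling: it scans the Apache configuration files passed to it for active
SSLOptions directives that turn FakeBasicAuth on. The function names and the
sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of GLSA 200406-05. Audits Apache configuration files
# for the precondition named in the Workaround section: FakeBasicAuth enabled.

# find_fakebasicauth FILE...
# Prints "file:line: directive" for each active SSLOptions directive that turns
# FakeBasicAuth on. Exit status 0 if any were found, 1 if none.
# Limitation: backslash-continued lines are not joined.
find_fakebasicauth() {
    awk '
        $1 ~ /^#/ { next }                  # comment line: directive is inactive
        tolower($1) == "ssloptions" {       # directive names are case-insensitive
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                # "+FakeBasicAuth" or bare "FakeBasicAuth" enables the option;
                # "-FakeBasicAuth" removes it and is not reported.
                if (opt == "fakebasicauth" || opt == "+fakebasicauth") {
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
                    found = 1
                }
            }
        }
        END { exit !found }
    ' "$@"
}

# write_sample_conf PATH: constructed sample configuration for the demo below.
write_sample_conf() {
    cat > "$1" <<'EOF'
# SSLOptions +FakeBasicAuth
<Directory "/var/www/private">
    SSLVerifyClient require
    SSLOptions +FakeBasicAuth +StrictRequire
</Directory>
<Directory "/var/www/public">
    SSLOptions -FakeBasicAuth +StdEnvVars
</Directory>
<Location /legacy>
    ssloptions FakeBasicAuth
</Location>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
find_fakebasicauth "$conf" || echo "FakeBasicAuth is not enabled in $conf"
rm -f "$conf"
```

Pass the main configuration file together with every file it includes. A
reported line means the server meets the first half of the advisory's
precondition and should be upgraded as described under Resolution.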