|
|
[NEWS] Apache ssl_callback_SSLVerify_CRL DoS: msg#00067security.securiteam
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html - - - - - - - - - Apache ssl_callback_SSLVerify_CRL DoS ------------------------------------------------------------------------ SUMMARY "Apache is one of the the world's most widely used Web servers. Originally developed in 1995 by a group that was to go on to become the The Apache Group, the Apache HTTP Server is Open Source Software, and considered by proponents to be fast, scalable and secure. The name was derived from the project's less robust beginnings ('A patchy Web server')." A buffer overrun vulnerability was recently reported in Apache, this vulnerability could be exploited by malicious attackers to cause a denial of service. DETAILS Vulnerable Systems: * Apache HTTP Server version 2.0.54 Immune Systems: * Apache HTTP Server version 2.0.55 A buffer overrun can be found in ssl_callback_SSLVerify_CRL( ) - ssl_engine_kernel.c: char buff[512]; /* should be plenty */ [...] n = BIO_read(bio, buff, sizeof(buff)); buff[n] = '\0'; If there are more than 512 bytes the resulting value of n is 512, causing us to write at location 512 (buff[512]) overflowing the buffer by one. The line should read: n = BIO_read(bio, buff, sizeof(buff) - 1); ADDITIONAL INFORMATION The original article can be found at: <http://issues.apache.org/bugzilla/show_bug.cgi?id=35081> http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 ======================================== This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [NT] GoodTech SMTP Server RCPT TO Buffer Overflow: 00067, SecuriTeam |
|---|---|
| Next by Date: | [NT] Intruder DoS and Command Execution Vulnerabilities: 00067, SecuriTeam |
| Previous by Thread: | [NT] GoodTech SMTP Server RCPT TO Buffer Overflowi: 00067, SecuriTeam |
| Next by Thread: | [NT] Intruder DoS and Command Execution Vulnerabilities: 00067, SecuriTeam |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |