Bug 128170 - CAN-2004-0700 mod_ssl format string vulnerability
Summary: CAN-2004-0700 mod_ssl format string vulnerability
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mod_ssl   
(Show other bugs)
Version: 2.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Brian Brock
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2004-07-19 16:05 UTC by Josh Bressers
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-07 15:37:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:408 normal SHIPPED_LIVE Important: mod_ssl security update 2004-09-07 04:00:00 UTC

Description Josh Bressers 2004-07-19 16:05:00 UTC
Triggered by a report to Packet Storm [1] from Virulent, a format
  string vulnerability was found in mod_ssl [2], the Apache SSL/TLS
  interface to OpenSSL, version (up to and including) 2.8.18 for Apache
  1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability
  could be exploitable if Apache is used as a proxy for HTTPS URLs and
  the attacker established a own specially prepared DNS and origin
  server environment.

More information here:

We're still investigating if this is actually an issue.

Comment 1 Mark J. Cox 2004-07-27 19:39:30 UTC
An errata is in progress for this issue, but it a low risk.  From the
upcoming advisory text:

"A format string issue was discovered in mod_ssl for Apache 1.3 which
can be triggered if mod_ssl is configured to allow a client to proxy
to remote SSL sites. If mod_ssl is forced to connect to a remote SSL
server using a carefully crafted hostname, an attacker may be able to
crash an Apache child process. This issue is not known to allow
arbitrary execution of code."

Comment 5 Josh Bressers 2004-09-07 15:37:30 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.