Bug 128170 - CAN-2004-0700 mod_ssl format string vulnerability
CAN-2004-0700 mod_ssl format string vulnerability
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mod_ssl (Show other bugs)
2.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-19 12:05 EDT by Josh Bressers
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-07 11:37:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-07-19 12:05:00 EDT
Triggered by a report to Packet Storm [1] from Virulent, a format
  string vulnerability was found in mod_ssl [2], the Apache SSL/TLS
  interface to OpenSSL, version (up to and including) 2.8.18 for Apache
  1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability
  could be exploitable if Apache is used as a proxy for HTTPS URLs and
  the attacker established a own specially prepared DNS and origin
  server environment.

More information here:
http://packetstormsecurity.org/filedesc/modsslFormat.txt.html

We're still investigating if this is actually an issue.
Comment 1 Mark J. Cox (Product Security) 2004-07-27 15:39:30 EDT
An errata is in progress for this issue, but it a low risk.  From the
upcoming advisory text:

"A format string issue was discovered in mod_ssl for Apache 1.3 which
can be triggered if mod_ssl is configured to allow a client to proxy
to remote SSL sites. If mod_ssl is forced to connect to a remote SSL
server using a carefully crafted hostname, an attacker may be able to
crash an Apache child process. This issue is not known to allow
arbitrary execution of code."
Comment 5 Josh Bressers 2004-09-07 11:37:30 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-408.html

Note You need to log in before you can comment on or make changes to this bug.