Bug 128170 - CAN-2004-0700 mod_ssl format string vulnerability
Summary: CAN-2004-0700 mod_ssl format string vulnerability
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mod_ssl   
(Show other bugs)
Version: 2.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-07-19 16:05 UTC by Josh Bressers
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-07 15:37:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:408 normal SHIPPED_LIVE Important: mod_ssl security update 2004-09-07 04:00:00 UTC

Description Josh Bressers 2004-07-19 16:05:00 UTC
Triggered by a report to Packet Storm [1] from Virulent, a format
  string vulnerability was found in mod_ssl [2], the Apache SSL/TLS
  interface to OpenSSL, version (up to and including) 2.8.18 for Apache
  1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability
  could be exploitable if Apache is used as a proxy for HTTPS URLs and
  the attacker established a own specially prepared DNS and origin
  server environment.

More information here:
http://packetstormsecurity.org/filedesc/modsslFormat.txt.html

We're still investigating if this is actually an issue.

Comment 1 Mark J. Cox 2004-07-27 19:39:30 UTC
An errata is in progress for this issue, but it a low risk.  From the
upcoming advisory text:

"A format string issue was discovered in mod_ssl for Apache 1.3 which
can be triggered if mod_ssl is configured to allow a client to proxy
to remote SSL sites. If mod_ssl is forced to connect to a remote SSL
server using a carefully crafted hostname, an attacker may be able to
crash an Apache child process. This issue is not known to allow
arbitrary execution of code."

Comment 5 Josh Bressers 2004-09-07 15:37:30 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-408.html



Note You need to log in before you can comment on or make changes to this bug.