Bug 152774 - CAN-2004-0748 - mod_ssl input filter bug
Status: CLOSED NOTABUG
Product: Fedora Legacy
Classification: Retired
Component: Package request
unspecified
All Linux
Priority: medium
Severity: medium
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY
Reported: 2004-09-01 15:41 EDT by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT

Description David Lawrence 2005-03-30 18:26:59 EST
An input filter bug in mod_ssl was discovered in Apache httpd version
2.0.50 and earlier. A remote attacker could force an SSL connection to be
aborted in a particular state and cause an Apache child process to enter an
infinite loop, consuming CPU resources. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0748 to
this issue.

https://rhn.redhat.com/errata/RHSA-2004-349.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748



------- Additional Comments From moixa@gmx.ch 2004-09-02 03:55:23 ----

Note the almost one-liner fix here:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-09-02 05:49:46 ----

Built packages for RH7.3:

sha1sum -b *.rpm
ef5ab48ad356a944c7cc3ba923c9dbb50ef83c5e *krb5-1.2.4-13.legacy.7x.src.rpm
810bb9ffba0ceeffdfe8622077680cd4a27a0152 *krb5-devel-1.2.4-13.legacy.7x.i386.rpm
113cbd9f47f9d141fddb5b6ae9a03deb000a3a35 *krb5-libs-1.2.4-13.legacy.7x.i386.rpm
1a2402efd13a1dff6c5c7935de846c2b3da12595 *krb5-server-1.2.4-13.legacy.7x.i386.rpm
2a7ea85868b70f76f990903a9a8a6223f6ed9e48 *krb5-workstation-1.2.4-13.legacy.7x.i386.rpm

download from 
http://cf.ccmr.cornell.edu/publicdownloads/fedoralegacy-testing/krb5

-DWB




------- Additional Comments From dom@earth.li 2004-09-07 14:17:01 ----

See also bug 1888.



------- Additional Comments From dwb7@ccmr.cornell.edu 2004-09-07 16:40:20 ----

on the 7.3 side, seems this is covered by CAN-2004-0700 (covered in bug 1888)

reference:
https://rhn.redhat.com/errata/RHSA-2004-408.html



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-10 11:01:38 ----

Looking at the source code for httpd 2.0.40, on which rh9 is based, it appears
this bug does not apply.

I am closing this. If someone thinks the bug applies, it can be reopened.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 2041 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2041
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

