Red Hat Bugzilla – Bug 73934
httpd mod_ssl BufferOverflow
Last modified: 2007-03-26 23:56:57 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Description of problem:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c"
to explore an modSSL buffer overflow to get access to a shell. The attack
creates a file named "/tmp/.bugtraq.c" and compiles it using gcc. The program
is started with another computer ip address as argument. All computer files
that the user "apache" can read are exposed.
The program attacks the following Linux distributions:
Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26
SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23
Slakware: Apache 1.3.26
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Execute the program /tmp/.bugtraq or a simplified version of it.
Actual Results: The shell scripts included in the program are executed using
the owner of the http process in the target machine
This vulnerability is in OpenSSL and was fixed by our update; see
http://rhn.redhat.com/errata/RHSA-2002-155.html and the replacement