Bug 73934 - httpd mod_ssl BufferOverflow
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: apache
Version: 7.3
Hardware: noarch Linux
Priority: high, Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
Keywords: Security
Reported: 2002-09-13 10:47 EDT by Need Real Name
Modified: 2007-03-26 23:56 EDT (History)
Doc Type: Bug Fix
Last Closed: 2002-09-13 14:56:11 EDT
Description Need Real Name 2002-09-13 14:56:03 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Description of problem:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c"
to explore a modSSL buffer overflow to get access to a shell. The attack
creates a file named "/tmp/.bugtraq.c" and compiles it using gcc. The program
is started with another computer's IP address as argument. All computer files
that the user "apache" can read are exposed.
The program attacks the following Linux distributions:

Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26
SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23
Mandrake: 1.3.14,1.3.19
Slackware: Apache 1.3.26

Regards
Fernando Nunes
Portugal



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Execute the program /tmp/.bugtraq or a simplified version of it.

Actual Results:  The shell scripts included in the program are executed using
the owner of the http process in the target machine

Additional info:

Comment 1 Mark J. Cox (Product Security) 2002-09-17 05:31:39 EDT
This vulnerability is in OpenSSL and was fixed by our update; see
http://rhn.redhat.com/errata/RHSA-2002-155.html and the replacement
http://rhn.redhat.com/errata/RHSA-2002-160.html
