Debian DSA-120-1 : mod_ssl - buffer overflow

high Nessus Plugin ID 14957

Synopsis

The remote Debian host is missing a security-related update.

Description

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl.
With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks.

To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server.

Solution

Upgrade the Apache-SSL and mod_ssl packages.

This problem has been fixed in version 1.3.9.13-4 of Apache-SSL and version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable Debian distribution as well as in version 1.3.23.1+1.47-1 of Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing and unstable distribution of Debian.

Plugin Details

Severity: High

ID: 14957

File Name: debian_DSA-120.nasl

Version: 1.22

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:apache-ssl, p-cpe:/a:debian:debian_linux:libapache-mod-ssl, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/10/2002

Vulnerability Publication Date: 2/27/2002

Reference Information

CVE: CVE-2002-0082

DSA: 120

Detections

Analytics