LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: mod_ssl Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Slackware May allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA.

[slackware-security]  mod_ssl (SSA:2004-154-01)

New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue.  The packages were upgraded to mod_ssl-2.8.18-1.3.31
fixing a buffer overflow that may allow remote attackers to execute arbitrary
code via a client certificate with a long subject DN, if mod_ssl is
configured to trust the issuing CA.  Web sites running mod_ssl should upgrade
to the new set of apache and mod_ssl packages.  There are new PHP packages as
well to fix a Slackware-specific local denial-of-service issue (an additional
Slackware advisory SSA:2004-154-02 has been issued for PHP).

More details about the mod_ssl issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Jun  2 11:28:17 PDT 2004
patches/packages/mod_ssl-2.8.18_1.3.31-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.18-1.3.31.  This fixes a buffer overflow that may allow remote
  attackers to execute arbitrary code via a client certificate with a long
  subject DN, if mod_ssl is configured to trust the issuing CA:
    *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
      if the Subject-DN in the client certificate exceeds 6KB in length.
  For more details, see:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
  (* Security fix *)
  Other changes:  Make the sample keys .new so as not to overwrite existing
  server keys.  However, any existing mod_ssl package will have these listed
  as non-config files, and will still remove and replace these upon upgrade.
  You'll have to save your config files one more time... sorry).
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.31-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.18_1.3.31-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.6-i386-1.tgz

Updated packages for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.31-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.18_1.3.31-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.6-i386-1.tgz

Updated packages for Slackware 9.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.31-i486-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.18_1.3.31-i486-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.6-i486-1.tgz

Updated packages for Slackware -current: 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.31-i486-2.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.18_1.3.31-i486-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.6-i486-4.tgz


MD5 signatures:
+-------------+

Slackware 8.1 packages:
5746a612882fb1ba946305e34fc8dd45  apache-1.3.31-i386-1.tgz
d4930240294413471df9128dcd1e71ee  mod_ssl-2.8.18_1.3.31-i386-1.tgz
cee32e839211a37b0081615b4112b87f  php-4.3.6-i386-1.tgz

Slackware 9.0 packages:
6366a8951a42536c99d9f926bd7ed4c9  apache-1.3.31-i386-1.tgz
dff6235ef0f46b4ab77aefa989e1b3f7  mod_ssl-2.8.18_1.3.31-i386-1.tgz
eaa0c69981f0aa8cc6b2d4ef0269481c  php-4.3.6-i386-1.tgz

Slackware 9.1 packages:
5fbeac17051bcf7e41446d7b7a7a82be  apache-1.3.31-i486-1.tgz
6a96640c9beb79dde305ddb22e36509e  mod_ssl-2.8.18_1.3.31-i486-1.tgz
007c48e42d292819b6cdc66e2e8334e0  php-4.3.6-i486-1.tgz

Slackware -current packages:
5d69e97123241842eafc701c8bd6af88  apache-1.3.31-i486-2.tgz
020e5253fdd9f48ed163ad331e7b05fc  mod_ssl-2.8.18_1.3.31-i486-1.tgz
07bcba5e37538f16941141c43006cec1  php-4.3.6-i486-4.tgz


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

IMPORTANT:  Backup any keys/certificates you wish to save for
mod_ssl (in /etc/apache/ssl.*)

Next, upgrade these packages as root:

# upgradepkg apache-1.3.31-i486-1.tgz
# upgradepkg mod_ssl-2.8.18_1.3.31-i486-1.tgz
# upgradepkg php-4.3.6-i486-1.tgz

If necessary, restore any mod_ssl config files.

Finally, restart apache:

# apachectl start

Or, if you're running a secure server with mod_ssl:

# apachectl startssl


+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers encrypted the entire City of Detroit DataBase & demanded ransom of 2000 bitcoins ($803,500)
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.