CGI abuses : mod_ssl overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.10888

Categoría: CGI abuses

Título: mod_ssl overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote host is using a version of mod_ssl which is
older than 2.8.7.

This version is vulnerable to a buffer overflow which,
albeit difficult to exploit, may allow an attacker
to obtain a shell on this host.

*** Some vendors patched older versions of mod_ssl, so this
*** might be a false positive. Check with your vendor to determine
*** if you have a version of mod_ssl that is patched for this
*** vulnerability

Solution : Upgrade to version 2.8.7 or newer
Risk factor : High

Referencia Cruzada: BugTraq ID: 4189
Common Vulnerability Exposure (CVE) ID: CVE-2002-0082
http://www.securityfocus.com/bid/4189
Bugtraq: 20020227 mod_ssl Buffer Overflow Condition (Update Available) (Google Search)
http://online.securityfocus.com/archive/1/258646
Bugtraq: 20020228 TSLSA-2002-0034 - apache (Google Search)
Bugtraq: 20020301 Apache-SSL buffer overflow (fix available) (Google Search)
http://marc.info/?l=bugtraq&m=101518491916936&w=2
Bugtraq: 20020304 Apache-SSL 1.3.22+1.47 - update to security fix (Google Search)
http://marc.info/?l=bugtraq&m=101528358424306&w=2
Caldera Security Advisory: CSSA-2002-011.0
http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
COMPAQ Service Security Patch: SSRT0817
http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
Conectiva Linux advisory: CLA-2002:465
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Debian Security Information: DSA-120 (Google Search)
http://www.debian.org/security/2002/dsa-120
En Garde Linux Advisory: ESA-20020301-005
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
HPdes Security Advisory: HPSBTL0203-031
http://www.securityfocus.com/advisories/3965
HPdes Security Advisory: HPSBUX0204-190
http://www.securityfocus.com/advisories/4008
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html
http://www.redhat.com/support/errata/RHSA-2002-041.html
http://www.redhat.com/support/errata/RHSA-2002-042.html
http://www.redhat.com/support/errata/RHSA-2002-045.html
http://www.iss.net/security_center/static/8308.php

Copyright This script is Copyright (C) 2002 Renaud Deraison

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.10888
Categoría:	CGI abuses
Título:	mod_ssl overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is using a version of mod_ssl which is older than 2.8.7. This version is vulnerable to a buffer overflow which, albeit difficult to exploit, may allow an attacker to obtain a shell on this host. * Some vendors patched older versions of mod_ssl, so this * might be a false positive. Check with your vendor to determine * if you have a version of mod_ssl that is patched for this * vulnerability Solution : Upgrade to version 2.8.7 or newer Risk factor : High
Referencia Cruzada:	BugTraq ID: 4189 Common Vulnerability Exposure (CVE) ID: CVE-2002-0082 http://www.securityfocus.com/bid/4189 Bugtraq: 20020227 mod_ssl Buffer Overflow Condition (Update Available) (Google Search) http://online.securityfocus.com/archive/1/258646 Bugtraq: 20020228 TSLSA-2002-0034 - apache (Google Search) Bugtraq: 20020301 Apache-SSL buffer overflow (fix available) (Google Search) http://marc.info/?l=bugtraq&m=101518491916936&w=2 Bugtraq: 20020304 Apache-SSL 1.3.22+1.47 - update to security fix (Google Search) http://marc.info/?l=bugtraq&m=101528358424306&w=2 Caldera Security Advisory: CSSA-2002-011.0 http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt COMPAQ Service Security Patch: SSRT0817 http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml Conectiva Linux advisory: CLA-2002:465 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 Debian Security Information: DSA-120 (Google Search) http://www.debian.org/security/2002/dsa-120 En Garde Linux Advisory: ESA-20020301-005 http://www.linuxsecurity.com/advisories/other_advisory-1923.html HPdes Security Advisory: HPSBTL0203-031 http://www.securityfocus.com/advisories/3965 HPdes Security Advisory: HPSBUX0204-190 http://www.securityfocus.com/advisories/4008 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html http://www.redhat.com/support/errata/RHSA-2002-041.html http://www.redhat.com/support/errata/RHSA-2002-042.html http://www.redhat.com/support/errata/RHSA-2002-045.html http://www.iss.net/security_center/static/8308.php
Copyright	This script is Copyright (C) 2002 Renaud Deraison