Armenian Knowledge Base  


07.03.2002, 20:50   #1
VX
Apache Mod_SSL/Apache-SSL Buffer Overflow Vulnerability

Mod_SSL and Apache-SSL are implementations of SSL (Secure Sockets Layer) for the Apache webserver.

A buffer overflow vulnerability exists in mod_ssl and Apache-SSL that may allow attackers to execute arbitrary code. The overflow exists when the modules attempt to cache SSL sessions. Vulnerable versions of mod_ssl and Apache-SSL are incapable of handling large session representations.

To exploit this vulnerability, the attacker must somehow increase the size of the data representing the session. This may be accomplished through the use of an extremely large client certificate. This is only possible if verification of client certificates is enabled, and if the certificate is verified by a CA trusted by the webserver. Though these requirements make this vulnerability theoretical, administrators are still urged to upgrade.
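The bug class described in the post above, shown from the fix side: an added example, not code from mod_ssl or Apache-SSL. The session layout, the 1024-byte slot size and all names are assumptions made for illustration; the point is that the serialized size, which grows with the client certificate, is checked against the fixed cache buffer before anything is copied.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define SLOT_SIZE 1024                /* hypothetical fixed cache slot size */
#define HDR_LEN   (32 + 4)            /* session id + 4-byte length field */

/* Hypothetical session record: the client certificate is variable-length. */
struct session {
    unsigned char id[32];
    const unsigned char *peer_cert;   /* bytes of the verified client cert */
    size_t peer_cert_len;
};

struct cache_slot {
    unsigned char data[SLOT_SIZE];
    size_t used;
    unsigned char guard[8];           /* stands in for memory after the buffer */
};

/* Serialize id, big-endian length, then certificate bytes into out.
   The caller must already have verified that the result fits. */
static void session_encode(const struct session *s, unsigned char *out) {
    memcpy(out, s->id, sizeof s->id);
    out += sizeof s->id;
    for (int i = 3; i >= 0; i--)
        *out++ = (unsigned char)(s->peer_cert_len >> (8 * i));
    if (s->peer_cert_len)
        memcpy(out, s->peer_cert, s->peer_cert_len);
}

/* Returns 0 on success, -1 if the session is too large and was not cached. */
int cache_store(struct cache_slot *slot, const struct session *s) {
    /* Compare without adding to the attacker-influenced length, so a huge
       value cannot wrap around and slip past the check. */
    if (s->peer_cert_len > sizeof slot->data - HDR_LEN)
        return -1;                    /* skip caching; handshake can continue */
    session_encode(s, slot->data);
    slot->used = HDR_LEN + s->peer_cert_len;
    return 0;
}

int main(void) {
    static unsigned char big_cert[8192];   /* constructed oversized certificate */
    struct session s = { {0}, big_cert, sizeof big_cert };
    struct cache_slot slot = { {0}, 0, "GUARD!!" };
    printf("store oversized session: %d\n", cache_store(&slot, &s));
    return 0;
}
```

Refusing to cache an oversized session only costs a full handshake on the next connection, which is why rejecting is the safe default here.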
