Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| apache-modssl-uuencode-bo (16214) |  Medium Risk |
Description:
The mod_ssl authentication module for Apache HTTP Server is vulnerable to a stack-based buffer overflow, caused by a vulnerability in the ssl_util_uuencode_binary function. A remote attacker could exploit this vulnerability to overflow a buffer and possibly cause a denial of service or execute arbitrary code on the system.
Platforms Affected:
- Apache, HTTP Server 1.3
- Apache, HTTP Server 1.3.1
- Apache, HTTP Server 1.3.11
- Apache, HTTP Server 1.3.12
- Apache, HTTP Server 1.3.14
- Apache, HTTP Server 1.3.17
- Apache, HTTP Server 1.3.18
- Apache, HTTP Server 1.3.19
- Apache, HTTP Server 1.3.20
- Apache, HTTP Server 1.3.22
- Apache, HTTP Server 1.3.23
- Apache, HTTP Server 1.3.24
- Apache, HTTP Server 1.3.25
- Apache, HTTP Server 1.3.26
- Apache, HTTP Server 1.3.27
- Apache, HTTP Server 1.3.28
- Apache, HTTP Server 1.3.29
- Apache, HTTP Server 1.3.3
- Apache, HTTP Server 1.3.31
- Apache, HTTP Server 1.3.4
- Apache, HTTP Server 1.3.6
- Apache, HTTP Server 1.3.7
- Apache, HTTP Server 1.3.9
- Apache, HTTP Server 2.0
- Apache, HTTP Server 2.0.28
- Apache, HTTP Server 2.0.28 Beta
- Apache, HTTP Server 2.0.32
- Apache, HTTP Server 2.0.35
- Apache, HTTP Server 2.0.36
- Apache, HTTP Server 2.0.37
- Apache, HTTP Server 2.0.38
- Apache, HTTP Server 2.0.39
- Apache, HTTP Server 2.0.40
- Apache, HTTP Server 2.0.41
- Apache, HTTP Server 2.0.42
- Apache, HTTP Server 2.0.43
- Apache, HTTP Server 2.0.44
- Apache, HTTP Server 2.0.45
- Apache, HTTP Server 2.0.46
- Apache, HTTP Server 2.0.47
- Apache, HTTP Server 2.0.48
- Apache, HTTP Server 2.0.49
- Apache, HTTP Server 2.0.9A
- Apple, Mac OS X 10.2.8
- Apple, Mac OS X 10.3.6
- Apple, Mac OS X Server 10.2.8
- Apple, Mac OS X Server 10.3.6
- Debian, Debian Linux 3.0
- Gentoo, Linux 1.4
- Gentoo, Linux
- HP, HP-UX 11.00
- HP, HP-UX 11.04
- HP, HP-UX 11.11
- HP, HP-UX 11.22
- HP, HP-UX 11.23
- MandrakeSoft, Mandrake Linux 10.0
- MandrakeSoft, Mandrake Linux 10.0 AMD64
- MandrakeSoft, Mandrake Linux 9.1
- MandrakeSoft, Mandrake Linux 9.1 PPC
- MandrakeSoft, Mandrake Linux 9.2
- MandrakeSoft, Mandrake Linux 9.2 AMD64
- MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 2.1
- MandrakeSoft, Mandrake Multi Network Firewall 8.2
- OpenPKG, OpenPKG 1.3
- OpenPKG, OpenPKG 2.0
- OpenPKG, OpenPKG CURRENT
- RedHat, Enterprise Linux 2.1 AS
- RedHat, Enterprise Linux 2.1 AW
- RedHat, Enterprise Linux 2.1 WS
- RedHat, Enterprise Linux 2.1 ES
- RedHat, Enterprise Linux 3 WS
- RedHat, Enterprise Linux 3 ES
- RedHat, Enterprise Linux 3 AS
- RedHat, Enterprise Linux 3 Desktop
- RedHat, Linux 3.0
- RedHat, Linux Advanced Workstation 2.1 Itanium
- RedHat, Network Proxy 4.2
- RedHat, Stronghold
- Slackware, Slackware Linux 8.1
- Slackware, Slackware Linux 9.0
- Slackware, Slackware Linux 9.1
- Slackware, Slackware Linux current
- Turbolinux, Turbolinux 10 Desktop
- Turbolinux, Turbolinux 10 F...
- Turbolinux, Turbolinux 10 Server
- Turbolinux, Turbolinux 7 Server
- Turbolinux, Turbolinux 8 Server
- Turbolinux, Turbolinux Home
- Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
- Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
Remedy:
Upgrade to the latest mod_ssl package, as listed below. Refer to slackware-security Mailing List, Wed, 2 Jun 2004 12:24:39 -0700 (PDT) for more information. See References.Slackware Linux 8.1 and 9.0: 2.8.18_1.3.31-i386-1 or later
Slackware Linux 9.1 and -current: 2.8.18_1.3.31-i486-1 or later
For Gentoo Linux:
Upgrade to the latest version of mod_ssl (2.8.18 or later), as listed in GLSA 200406-05. See References.
For Red Hat Linux:
Upgrade to the latest mod_ssl package, as listed below. Refer to RHSA-2004:245-14 for more information. See References.
Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 1.3.27-8.ent or later
For Red Hat Linux:
Upgrade to the latest mod_ssl package, as listed below. Refer to RHSA-2004:342-10 for more information. See References.
Red Hat Enterprise Linux AS (v. 3), ES (v. 3), WS (v. 3), Desktop: 2.0.46-32.ent.3.x86_64 or later
For Red Hat Linux Stronghold:
Refer to RHSA-2005:816-10 for patch, upgrade, or suggested workaround information. See References.
For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest mod-ssl package (2.8.9-2.3 or later), as listed in DSA-532-1. See References.
For HP-UX 11.00, 11.11, 11.22, and 11.23:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX01064. See References.
For HP-UX 11.04 with Virtualvault 4.7, Virtualvault 4.6, or Virtualvault 4.5:
Apply the appropriate patch for your system, as listed in Hewlett-Packard Company Security Bulletin HPSBUX01068. See References.
For Mac OS:
Apply Security Update 2004-12-02, as listed in AppleCare Knowledge Base Document 61798. See References.
For TurboLinux:
Upgrade to the latest httpd package (2.0.51-8 or later), as listed in Turbolinux Security Advisory TLSA-2005-2. See References.
For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2004.026 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Consequences:
Denial of Service
References:
- AppleCare Knowledge Base Document 61798, Security Update 2004-12-02 at http://docs.info.apple.com/article.html?artnum=61798.
- CIAC Information Bulletin 0-188, libapache-mod-ssl at http://www.ciac.org/ciac/bulletins/o-188.shtml.
- CIAC Information Bulletin O-212, Apple Security Update at http://www.ciac.org/ciac/bulletins/o-212.shtml.
- CIAC Information Bulletin P-049, Apple Security Update 2004-12-02 at http://www.ciac.org/ciac/bulletins/p-049.shtml.
- Full-Disclosure Mailing List, Mon May 17 2004 - 08:32:35 CDT, mod_ssl ssl_util_uuencode_binary potential problem at http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0856.html.
- GLSA 200406-05, Apache: Buffer overflow in mod_ssl at http://www.linuxsecurity.com/content/view/106163/104/.
- IBM Systems Support Web site, Support for HMC at https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.html#MH01110.
- Slackware Security Advisories, [slackware-security] mod_ssl (SSA:2004-154-01) at http://slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.583808.
- BID-10355: Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
- CVE-2004-0488: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
- DSA-532: libapache-mod-ssl -- several vulnerabilities
- GLSA-200406-05: Apache: Buffer overflow in mod_ssl
- MDKSA-2004:054: Updated mod_ssl package fix remote vulnerability
- MDKSA-2004:055: Updated apache2 package fix vulnerability in mod_ssl
- OpenPKG-SA-2004.026: Apache mod_ssl
- RHSA-2004-245: apache
- RHSA-2004-342: httpd security update
- RHSA-2005-816: apache
- RHSA-2008-0523: Low: Red Hat Network Proxy Server security update
Reported:
May 17, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net