ESA-20020301-005: mod_ssl's session caching mechanisms contain a potential bu

by Nikola Strahija on March 2nd, 2002

There is a buffer overflow in mod_ssl, part of EnGarde's apache package, which an attacker may potentially trigger by sending a very long client certificate.


DETAIL
------
mod_ssl is an apache module used to provide SSL functionality using the
OpenSSL toolkit. Ed Moyle has discovered a buffer overflow in
mod_ssl's session caching mechanisms using dbm and shared memory.

We would like to stress that this vulnerability is in mod_ssl, not in
apache. We are issuing an apache update because we include mod_ssl as
part of our apache package.


SOLUTION
--------
All users should upgrade to the most recent version as outlined in
this advisory.

Guardian Digital recently made available the Guardian Digital Secure
Update, a means to proactively keep systems secure and manage
system software. EnGarde users can automatically update their system
using the Guardian Digital WebTool secure interface.

If choosing to manually upgrade this package, updates can be
obtained from:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must either:

a) be booted into a "standard" kernel; or
b) have LIDS disabled.

To disable LIDS, execute the command:

# /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

# rpm -Uvh <filename>

You must now update the LIDS configuration by executing the command:

# /usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

# /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signatures of the updated packages, execute the command:

# rpm -Kv <filename>


UPDATED PACKAGES
----------------
These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

Source Packages:

SRPMS/apache-1.3.23-1.0.27.src.rpm
MD5 Sum: 412c8ed8f0151dc023372b70aac0475c

Binary Packages:

i386/apache-1.3.23-1.0.27.i386.rpm
MD5 Sum: 66b23a6224b1916983c4350e95c35fd6

i686/apache-1.3.23-1.0.27.i686.rpm
MD5 Sum: 4dc0650fb82a15aa00927cabcb02b230
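
As an added example (not part of the Guardian Digital advisory), this shell script compares downloaded packages against the MD5 sums listed above before the `rpm -Uvh` step is run. It assumes `md5sum` and `awk` are installed; the function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory: check downloaded packages against
# the MD5 sums published in the UPDATED PACKAGES list before installing.

# File names and sums copied from the advisory text above.
ADVISORY_SUMS='apache-1.3.23-1.0.27.src.rpm 412c8ed8f0151dc023372b70aac0475c
apache-1.3.23-1.0.27.i386.rpm 66b23a6224b1916983c4350e95c35fd6
apache-1.3.23-1.0.27.i686.rpm 4dc0650fb82a15aa00927cabcb02b230'

# expected_sum NAME: print the advisory's MD5 for NAME; fail if NAME is unlisted.
expected_sum() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v n="$1" '$1 == n { print $2; found = 1 } END { exit !found }'
}

# check_pkg PATH [SUM]: 0 = match, 1 = mismatch, 2 = unreadable or unlisted.
# The optional SUM replaces the table lookup (hypothetical hook for testing).
check_pkg() {
    path=$1
    [ -r "$path" ] || { echo "MISSING  $path" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        want=$2
    else
        want=$(expected_sum "$(basename "$path")") ||
            { echo "UNLISTED $path" >&2; return 2; }
    fi
    have=$(md5sum "$path" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK       $path"
        return 0
    fi
    echo "MISMATCH $path (got $have, advisory lists $want)" >&2
    return 1
}

# check_all PATH...: check every file, return non-zero if any check failed.
check_all() {
    status=0
    for f in "$@"; do
        check_pkg "$f" || status=1
    done
    return "$status"
}

# Usage: sh check_sums.sh i386/apache-1.3.23-1.0.27.i386.rpm
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

A matching MD5 only rules out a corrupted or substituted download relative to this advisory's text; the `rpm -Kv` signature check against Guardian Digital's public key is what establishes authenticity.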


REFERENCES
----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

Credit for the discovery of this bug goes to:
Ed Moyle

mod_ssl's Official Web Site:
http://www.modssl.org/

Security Contact: [email protected]
EnGarde Advisories: http://www.engardelinux.org/advisories.html

--------------------------------------------------------------------------
$Id: ESA-20020301-005-apache,v 1.3 2002/03/01 05:24:50 rwm Exp $
--------------------------------------------------------------------------
Author: Ryan W. Maple
Copyright 2002, Guardian Digital, Inc.


