CVE-2004-0488
CVSS7.5
发布时间 :2004-07-07 00:00:00
修订时间 :2016-10-17 22:45:40
NMCOS    

[原文]Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.


[CNNVD]Apache Mod_SSL SSL_Util_UUEncode_Binary堆栈缓冲区溢出漏洞(CNNVD-200407-016)

        Mod_SSL是Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。
        Apache mod_ssl 2.8.17及其以前版本的实现中模块ssl_util.c的‘ssl_util_uuencode_binary’函数存在问题,远程攻击者可以利用使用该函数的ssl_engine_kernel.c模块进行拒绝服务攻击或可能以WEB进程执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:trustix:secure_linux:1.5Trustix Secure Linux 1.5
cpe:/o:openbsd:openbsd:current
cpe:/a:apache:http_server:1.3.9Apache Software Foundation Apache HTTP Server 1.3.9
cpe:/a:sgi:propack:2.4SGI ProPack 2.4
cpe:/a:apache:http_server:1.3.17Apache Software Foundation Apache HTTP Server 1.3.17
cpe:/a:apache:http_server:1.3.18Apache Software Foundation Apache HTTP Server 1.3.18
cpe:/a:apache:http_server:1.3.7::dev
cpe:/a:apache:http_server:1.3.11Apache Software Foundation Apache HTTP Server 1.3.11
cpe:/o:openbsd:openbsd:3.4OpenBSD 3.4
cpe:/a:apache:http_server:1.3.12Apache Software Foundation Apache HTTP Server 1.3.12
cpe:/a:apache:http_server:1.3.14Apache Software Foundation Apache HTTP Server 1.3.14
cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:openbsd:openbsd:3.5OpenBSD 3.5
cpe:/o:gentoo:linux:1.4Gentoo Linux 1.4
cpe:/a:apache:http_server:2.0.40Apache Software Foundation Apache HTTP Server 2.0.40
cpe:/o:mandrakesoft:mandrake_linux:9.2MandrakeSoft Mandrake Linux 9.2
cpe:/a:apache:http_server:2.0.41Apache Software Foundation Apache HTTP Server 2.0.41
cpe:/a:apache:http_server:2.0.32Apache Software Foundation Apache HTTP Server 2.0.32
cpe:/o:mandrakesoft:mandrake_linux:9.1MandrakeSoft Mandrake Linux 9.1
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/a:apache:http_server:2.0.35Apache Software Foundation Apache HTTP Server 2.0.35
cpe:/a:apache:http_server:2.0.36Apache Software Foundation Apache HTTP Server 2.0.36
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2MandrakeSoft Mandrake Multi Network Firewall 8.2
cpe:/a:apache:http_server:2.0.37Apache Software Foundation Apache HTTP Server 2.0.37
cpe:/a:apache:http_server:2.0.38Apache Software Foundation Apache HTTP Server 2.0.38
cpe:/a:apache:http_server:1.3.6Apache Software Foundation Apache HTTP Server 1.3.6
cpe:/a:apache:http_server:2.0.28Apache Software Foundation Apache HTTP Server 2.0.28
cpe:/a:apache:http_server:1.3.20Apache Software Foundation Apache HTTP Server 1.3.20
cpe:/a:apache:http_server:1.3.4Apache Software Foundation Apache HTTP Server 1.3.4
cpe:/a:apache:http_server:1.3.3Apache Software Foundation Apache HTTP Server 1.3.3
cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc
cpe:/a:apache:http_server:1.3Apache Software Foundation Apache HTTP Server 1.3
cpe:/a:apache:http_server:1.3.1Apache Software Foundation Apache HTTP Server 1.3.1
cpe:/o:mandrakesoft:mandrake_linux:10.0MandrakeSoft Mandrake Linux 10.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:apache:http_server:1.3.26Apache Software Foundation Apache HTTP Server 1.3.26
cpe:/a:apache:http_server:1.3.27Apache Software Foundation Apache HTTP Server 1.3.27
cpe:/a:apache:http_server:1.3.28Apache Software Foundation Apache HTTP Server 1.3.28
cpe:/a:apache:http_server:1.3.29Apache Software Foundation Apache HTTP Server 1.3.29
cpe:/a:apache:http_server:1.3.22Apache Software Foundation Apache HTTP Server 1.3.22
cpe:/a:mod_ssl:mod_ssl:2.8.16
cpe:/a:apache:http_server:1.3.23Apache Software Foundation Apache HTTP Server 1.3.23
cpe:/a:mod_ssl:mod_ssl:2.8.15
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/a:apache:http_server:1.3.24Apache Software Foundation Apache HTTP Server 1.3.24
cpe:/a:tinysofa:tinysofa_enterprise_server:1.0
cpe:/a:apache:http_server:1.3.25Apache Software Foundation Apache HTTP Server 1.3.25
cpe:/a:apache:http_server:1.3.19Apache Software Foundation Apache HTTP Server 1.3.19
cpe:/o:trustix:secure_linux:2.1Trustix Secure Linux 2.1
cpe:/a:apache:http_server:2.0.28:betaApache Software Foundation Apache HTTP Server 2.0.28 Beta
cpe:/o:trustix:secure_linux:2.0Trustix Secure Linux 2.0
cpe:/a:apache:http_server:2.0.42Apache Software Foundation Apache HTTP Server 2.0.42
cpe:/a:apache:http_server:2.0.43Apache Software Foundation Apache HTTP Server 2.0.43
cpe:/a:apache:http_server:2.0.44Apache Software Foundation Apache HTTP Server 2.0.44
cpe:/a:apache:http_server:2.0.45Apache Software Foundation Apache HTTP Server 2.0.45
cpe:/a:apache:http_server:2.0.46Apache Software Foundation Apache HTTP Server 2.0.46
cpe:/a:mod_ssl:mod_ssl:2.8.7
cpe:/a:apache:http_server:2.0.47Apache Software Foundation Apache HTTP Server 2.0.47
cpe:/a:apache:http_server:2.0.48Apache Software Foundation Apache HTTP Server 2.0.48
cpe:/a:apache:http_server:2.0.49Apache Software Foundation Apache HTTP Server 2.0.49
cpe:/a:apache:http_server:2.0.39Apache Software Foundation Apache HTTP Server 2.0.39
cpe:/a:mod_ssl:mod_ssl:2.8.12
cpe:/a:apache:http_server:1.3.31Apache Software Foundation Apache HTTP Server 1.3.31
cpe:/a:mod_ssl:mod_ssl:2.8.10
cpe:/a:tinysofa:tinysofa_enterprise_server:1.0_u1
cpe:/a:apache:http_server:2.0.9Apache Software Foundation Apache HTTP Server 2.0.9a
cpe:/a:apache:http_server:2.0Apache Software Foundation Apache HTTP Server 2.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11458Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust t...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0488
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-016
(官方数据源) CNNVD

- 其它链接及资源

ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
(UNKNOWN)  SGI  20040605-01-U
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html
(UNKNOWN)  FULLDISC  20040517 mod_ssl ssl_util_uuencode_binary potential problem
http://marc.info/?l=bugtraq&m=108567431823750&w=2
(UNKNOWN)  BUGTRAQ  20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
http://marc.info/?l=bugtraq&m=108619129727620&w=2
(UNKNOWN)  BUGTRAQ  20040601 TSSA-2004-008 - apache
http://marc.info/?l=bugtraq&m=109181600614477&w=2
(UNKNOWN)  HP  SSRT4777
http://marc.info/?l=bugtraq&m=109215056218824&w=2
(UNKNOWN)  HP  SSRT4788
http://rhn.redhat.com/errata/RHSA-2004-245.html
(UNKNOWN)  REDHAT  RHSA-2004:245
http://security.gentoo.org/glsa/glsa-200406-05.xml
(UNKNOWN)  GENTOO  GLSA-200406-05
http://www.debian.org/security/2004/dsa-532
(UNKNOWN)  DEBIAN  DSA-532
http://www.mandriva.com/security/advisories?name=MDKSA-2004:054
(UNKNOWN)  MANDRAKE  MDKSA-2004:054
http://www.mandriva.com/security/advisories?name=MDKSA-2004:055
(UNKNOWN)  MANDRAKE  MDKSA-2004:055
http://www.redhat.com/support/errata/RHSA-2004-342.html
(UNKNOWN)  REDHAT  RHSA-2004:342
http://www.redhat.com/support/errata/RHSA-2004-405.html
(UNKNOWN)  REDHAT  RHSA-2004:405
http://www.redhat.com/support/errata/RHSA-2005-816.html
(UNKNOWN)  REDHAT  RHSA-2005:816
http://www.securityfocus.com/bid/10355
(VENDOR_ADVISORY)  BID  10355
http://www.trustix.net/errata/2004/0031/
(UNKNOWN)  TRUSTIX  2004-0031
http://xforce.iss.net/xforce/xfdb/16214
(VENDOR_ADVISORY)  XF  apache-modssl-uuencode-bo(16214)
https://bugzilla.fedora.us/show_bug.cgi?id=1888
(UNKNOWN)  FEDORA  FLSA:1888

- 漏洞信息

Apache Mod_SSL SSL_Util_UUEncode_Binary堆栈缓冲区溢出漏洞
高危
2004-07-07 00:00:00 2012-12-07 00:00:00
远程※本地  
        Mod_SSL是Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。
        Apache mod_ssl 2.8.17及其以前版本的实现中模块ssl_util.c的‘ssl_util_uuencode_binary’函数存在问题,远程攻击者可以利用使用该函数的ssl_engine_kernel.c模块进行拒绝服务攻击或可能以WEB进程执行任意指令。

- 公告与补丁

        厂商补丁:
        Apache Software Foundation
        --------------------------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.modssl.org/

- 漏洞信息

6472
Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

A remote overflow exists in Apache mod_ssl. The ssl_util_uuencode_binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can execute arbitray commands on the system, resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2004-05-17 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.8.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
Boundary Condition Error 10355
Yes No
2004-05-17 12:00:00 2008-07-01 12:40:00
Discovery is credited to Georgi Guninski.

- 受影响的程序版本

Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
tinysofa enterprise server 1.0 -U1
tinysofa enterprise server 1.0
SGI ProPack 2.4
RedHat Stronghold 4.0
RedHat Network Proxy (for RHEL 3) 4.2
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Network Proxy (for RHEL 4) 4.2
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD -current
mod_ssl mod_ssl 2.8.16
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
mod_ssl mod_ssl 2.8.15
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
mod_ssl mod_ssl 2.8.12
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
mod_ssl mod_ssl 2.8.10
- Apache Software Foundation Apache 1.3.26
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.9
- Apache Software Foundation Apache 1.3.26
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ HP Secure OS software for Linux 1.0
+ Slackware Linux 8.1
mod_ssl mod_ssl 2.8.7
+ Apache Software Foundation Apache 1.3.23
+ MandrakeSoft Multi Network Firewall 2.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
HP OpenVMS Secure Web Server 7.3 -2
HP OpenVMS Secure Web Server 7.3 -1
HP OpenVMS Secure Web Server 7.3
HP OpenVMS Secure Web Server 7.2 -2
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.00
HP Compaq Secure Web Server for OpenVMS 2.0 PHP
HP Compaq Secure Web Server for OpenVMS 2.0
HP Compaq Secure Web Server for OpenVMS 1.3
HP Compaq Secure Web Server for OpenVMS 1.2
Gentoo Linux 1.4
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Software Foundation Apache 1.3.7 -dev
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- 不受影响的程序版本

Apache Software Foundation Apache 2.0.50
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- 漏洞讨论

A stack-based buffer overflow has been reported in the Apache 'mod_ssl' module.

This issue is exposed in utility code for uuencoding binary data.

This issue would most likely result in a denial of service if triggered, but could theoretically allow arbitrary code to run. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, but this may not be the case with other architectures.

- 漏洞利用

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Fixes are available. Please see the references for more information.


OpenBSD OpenBSD 3.5

OpenBSD OpenBSD 3.4

HP HP-UX B.11.11

HP HP-UX B.11.22

Apache Software Foundation Apache 1.3.26

Apache Software Foundation Apache 1.3.27

Apache Software Foundation Apache 1.3.28

Apache Software Foundation Apache 1.3.29

Apache Software Foundation Apache 1.3.31

Apple Mac OS X Server 10.3.4

Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

Apache Software Foundation Apache 2.0

Apache Software Foundation Apache 2.0.28 Beta

Apache Software Foundation Apache 2.0.32

Apache Software Foundation Apache 2.0.35

Apache Software Foundation Apache 2.0.36

Apache Software Foundation Apache 2.0.37

Apache Software Foundation Apache 2.0.38

Apache Software Foundation Apache 2.0.39

Apache Software Foundation Apache 2.0.40

Apache Software Foundation Apache 2.0.41

Apache Software Foundation Apache 2.0.43

Apache Software Foundation Apache 2.0.45

Apache Software Foundation Apache 2.0.46

Apache Software Foundation Apache 2.0.48

Apache Software Foundation Apache 2.0.49

mod_ssl mod_ssl 2.8.10

mod_ssl mod_ssl 2.8.12

mod_ssl mod_ssl 2.8.15

mod_ssl mod_ssl 2.8.16

mod_ssl mod_ssl 2.8.7

mod_ssl mod_ssl 2.8.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站