
Security Advisories (MDKSA-2004:054): mod_ssl



Mandrakesoft Security Advisories MDKSA-2004:054 : mod_ssl

 

Updated mod_ssl packages fix remote vulnerability

June 1st, 2004

 

A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.

 

The provided packages are patched to prevent this problem.

 

 

The released versions of Mandrake GNU/Linux affected are:

  • 9.1
  • 9.2
  • 10.0
  • MNF8.2
  • CS2.1

Full information about this advisory, including the updated packages, is available at:

www.mandrakesoft.com/security/advisories?name=MDKSA-2004:054

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0488

 

Posted automatically by aru (mdksec2mub v0.0.9)
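
The bug class in the advisory, as an added example (not mod_ssl's code and not the Mandrakesoft patch): encoders of the uuencode/base64 family write four output characters for every three input bytes, so an input that fits a fixed buffer can still overrun the destination. The function names, the 60-byte constructed input and the 64-byte buffer are assumptions chosen for illustration; the encoder takes the destination size and refuses instead of writing past it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Output bytes needed for n input bytes: 4 chars per 3-byte group, plus NUL. */
size_t encoded_size(size_t n)
{
    return 4 * ((n + 2) / 3) + 1;
}

/* Hypothetical bounded encoder (not mod_ssl's function): returns the encoded
 * length, or -1 when dst cannot hold the expanded output. */
long encode_bounded(char *dst, size_t dst_len, const unsigned char *src, size_t n)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;

    if (dst == NULL || src == NULL || n > SIZE_MAX / 2)  /* size math must not wrap */
        return -1;
    if (encoded_size(n) > dst_len)   /* compare the expanded size, not n */
        return -1;
    for (i = 0; i + 2 < n; i += 3) { /* full 3-byte groups */
        dst[o++] = tbl[src[i] >> 2];
        dst[o++] = tbl[((src[i] & 0x03) << 4) | (src[i + 1] >> 4)];
        dst[o++] = tbl[((src[i + 1] & 0x0f) << 2) | (src[i + 2] >> 6)];
        dst[o++] = tbl[src[i + 2] & 0x3f];
    }
    if (i < n) {                     /* 1 or 2 trailing bytes, '=' padded */
        unsigned char b1 = (i + 1 < n) ? src[i + 1] : 0;
        dst[o++] = tbl[src[i] >> 2];
        dst[o++] = tbl[((src[i] & 0x03) << 4) | (b1 >> 4)];
        dst[o++] = (i + 1 < n) ? tbl[(b1 & 0x0f) << 2] : '=';
        dst[o++] = '=';
    }
    dst[o] = '\0';
    return (long)o;
}

int main(void)
{
    unsigned char dn[60];  /* constructed stand-in for a long subject DN */
    char out[64];          /* larger than the input, smaller than its encoding */

    memset(dn, 'A', sizeof dn);
    printf("need %zu bytes, have %zu, result %ld\n", encoded_size(sizeof dn),
           sizeof out, encode_bounded(out, sizeof out, dn, sizeof dn));
    return 0;
}
```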
