OSVDB ID: 18286

Title: Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL() Function Overflow

Info

Dates

Disclosure: May 26, 2005

Discovery: Unknown

Exploit: Unknown

Solution: Unknown

Description

Apache HTTP Server contains a flaw that may allow a remote attacker to gain privileges. The issue is due to the mod_ssl extension module not properly validating Certificate Revocation Lists (CRL). By sending a crafted CRL, an attacker can exploit an off-by-one error in mod_ssl to cause a buffer overflow. This may allow the attacker to crash the web server or potentially execute arbitrary code.

Classification

Attack Type: Input Manipulation

Solution

Unknown or Incomplete

Products

Unknown or Incomplete

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218