Vulnerabilities > CVE-2004-0488 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-245.NASL
    descriptionUpdated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes. A stack-based buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. This update also fixes a DNS handling bug in mod_proxy. The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication. Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id12506
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12506
    titleRHEL 2.1 : apache, mod_ssl (RHSA-2004:245)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:245. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12506);
      script_version ("1.31");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0488", "CVE-2004-0492");
      script_bugtraq_id(10508);
      script_xref(name:"RHSA", value:"2004:245");
    
      script_name(english:"RHEL 2.1 : apache, mod_ssl (RHSA-2004:245)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated httpd and mod_ssl packages that fix minor security issues in
    the Apache Web server are now available for Red Hat Enterprise Linux
    2.1.
    
    The Apache HTTP Server is a powerful, full-featured, efficient, and
    freely-available Web server.
    
    A buffer overflow was found in the Apache proxy module, mod_proxy,
    which can be triggered by receiving an invalid Content-Length header.
    In order to exploit this issue, an attacker would need an Apache
    installation that was configured as a proxy to connect to a malicious
    site. This would cause the Apache child processing the request to
    crash. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue.
    
    On Red Hat Enterprise Linux platforms Red Hat believes this issue
    cannot lead to remote code execution. This issue also does not
    represent a Denial of Service attack as requests will continue to be
    handled by other Apache child processes.
    
    A stack-based buffer overflow was discovered in mod_ssl which can be
    triggered if using the FakeBasicAuth option. If mod_ssl is sent a
    client certificate with a subject DN field longer than 6000
    characters, a stack overflow can occur if FakeBasicAuth has been
    enabled. In order to exploit this issue the carefully crafted
    malicious certificate would have to be signed by a Certificate
    Authority which mod_ssl is configured to trust. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-0488 to this issue.
    
    This update also fixes a DNS handling bug in mod_proxy.
    
    The mod_auth_digest module is now included in the Apache package and
    should be used instead of mod_digest for sites requiring Digest
    authentication.
    
    Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should
    upgrade to these erratum packages, which contains Apache version
    1.3.27 with backported patches correcting these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0492"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.apacheweek.com/issues/04-06-11#security"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:245"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/07/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:245";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-1.3.27-8.ent")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-devel-1.3.27-8.ent")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"apache-manual-1.3.27-8.ent")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mod_ssl-2.8.12-4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-devel / apache-manual / mod_ssl");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-204.NASL
    descriptionThis update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a (trusted) client certificate with a long subject DN field (CVE-2004-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id13735
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13735
    titleFedora Core 2 : httpd-2.0.50-2.1 (2004-204)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-204.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(13735);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_xref(name:"FEDORA", value:"2004-204");
    
      script_name(english:"Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update includes the latest stable release of Apache httpd 2.0,
    including security fixes for a remotely triggerable memory leak
    (CVE-2004-0493), and a buffer overflow in mod_ssl which can be
    triggered only by a (trusted) client certificate with a long subject
    DN field (CVE-2004-0488).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-July/000220.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?466f113b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"httpd-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-debuginfo-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-devel-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"httpd-manual-2.0.50-2.1")) flag++;
    if (rpm_check(release:"FC2", reference:"mod_ssl-2.0.50-2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familyWeb Servers
    NASL idMOD_SSL_UUENCODE_BINARY.NASL
    descriptionThe remote host is using a version of mod_ssl that is older than 2.8.18. This version is vulnerable to a flaw that could allow an attacker to disable the remote website remotely, or to execute arbitrary code on the remote host. Note that several Linux distributions patched the old version of this module. Therefore, this alert might be a false-positive. Please check with your vendor to determine if you really are vulnerable to this flaw.
    last seen2020-06-01
    modified2020-06-02
    plugin id12255
    published2004-05-29
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/12255
    titlemod_ssl ssl_util_uuencode_binary Remote Overflow
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200406-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200406-05 (Apache: Buffer overflow in mod_ssl) A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an issuing CA with a subject DN longer than 6k. Impact : Given the right server configuration, an attacker could cause a Denial of Service or execute code as the user running Apache, usually
    last seen2020-06-01
    modified2020-06-02
    plugin id14516
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14516
    titleGLSA-200406-05 : Apache: Buffer overflow in mod_ssl
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0523.NASL
    descriptionRed Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63857
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63857
    titleRHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-532.NASL
    descriptionTwo vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. - CAN-2004-0700 Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS.
    last seen2020-06-01
    modified2020-06-02
    plugin id15369
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15369
    titleDebian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-342.NASL
    descriptionUpdated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue. Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id12636
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12636
    titleRHEL 3 : httpd (RHSA-2004:342)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-055.NASL
    descriptionA stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id14154
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14154
    titleMandrake Linux Security Advisory : apache2 (MDKSA-2004:055)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-154-01.NASL
    descriptionNew mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA. Websites running mod_ssl should upgrade to the new set of apache and mod_ssl packages. There are new PHP packages as well to fix a Slackware-specific local denial-of-service issue (an additional Slackware advisory SSA:2004-154-02 has been issued for PHP).
    last seen2020-06-01
    modified2020-06-02
    plugin id18790
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18790
    titleSlackware 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2004-154-01)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20041202.NASL
    descriptionThe remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15898
    published2004-12-02
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15898
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-054.NASL
    descriptionA stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id14153
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14153
    titleMandrake Linux Security Advisory : mod_ssl (MDKSA-2004:054)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-203.NASL
    descriptionThis update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak (CVE-2004-0493), and a buffer overflow in mod_ssl which can be triggered only by a (trusted) client certificate with a long subject DN field (CVE-2004-0488). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id13734
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13734
    titleFedora Core 1 : httpd-2.0.50-1.0 (2004-203)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20040907.NASL
    descriptionThe remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id14676
    published2004-09-08
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14676
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-09-07)

Oval

accepted2013-04-29T04:14:12.127-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionStack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
familyunix
idoval:org.mitre.oval:def:11458
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleStack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
version26

Redhat

advisories
  • rhsa
    idRHSA-2004:245
  • rhsa
    idRHSA-2004:342
  • rhsa
    idRHSA-2004:405
  • rhsa
    idRHSA-2005:816
rpms
  • httpd-0:2.0.46-32.ent.3
  • httpd-debuginfo-0:2.0.46-32.ent.3
  • httpd-devel-0:2.0.46-32.ent.3
  • mod_ssl-1:2.0.46-32.ent.3
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.0.50: http://httpd.apache.org/security/vulnerabilities_20.html

References