ID CVE-2002-0082
Summary The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
References
Vulnerable Configurations
  • cpe:2.3:a:apache-ssl:apache-ssl:1.40
  • cpe:2.3:a:apache-ssl:apache-ssl:1.41
  • cpe:2.3:a:apache-ssl:apache-ssl:1.42
  • cpe:2.3:a:apache-ssl:apache-ssl:1.44
  • cpe:2.3:a:apache-ssl:apache-ssl:1.45
  • cpe:2.3:a:apache-ssl:apache-ssl:1.46
  • cpe:2.3:a:mod_ssl:mod_ssl:2.7.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.1
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.3
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.4
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.5
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.6
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id APACHE_SSL_OVERFLOW.NASL
    description The remote host is using a version of Apache-SSL that is older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, albeit difficult to exploit, may allow an attacker to execute arbitrary commands on this host subject to the privileges under which the web server operates.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 10918
    published 2002-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10918
    title Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-120.NASL
    description Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl. With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 14957
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14957
    title Debian DSA-120-1 : mod_ssl - buffer overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2002-020.NASL
    description Ed Moyle discovered a buffer overflow in mod_ssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the server.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 13928
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13928
    title Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:020)
  • NASL family Web Servers
    NASL id MOD_SSL_OVERFLOW.NASL
    description According to the web server banner, the remote host is using a vulnerable version of mod_ssl. This version has a buffer overflow vulnerability. A remote attacker could exploit this issue to execute arbitrary code. Some vendors patched older versions of mod_ssl, so this might be a false positive. Check with your vendor to determine if you have a version of mod_ssl that is patched for this vulnerability.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 10888
    published 2002-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10888
    title Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
redhat via4
advisories
  • rhsa
    id RHSA-2002:041
  • rhsa
    id RHSA-2002:042
  • rhsa
    id RHSA-2002:045
refmap via4
bid 4189
bugtraq
  • 20020227 mod_ssl Buffer Overflow Condition (Update Available)
  • 20020228 TSLSA-2002-0034 - apache
  • 20020301 Apache-SSL buffer overflow (fix available)
  • 20020304 Apache-SSL 1.3.22+1.47 - update to security fix
caldera CSSA-2002-011.0
compaq SSRT0817
conectiva CLA-2002:465
confirm http://www.apacheweek.com/issues/02-03-01#security
debian DSA-120
engarde ESA-20020301-005
hp
  • HPSBTL0203-031
  • HPSBUX0204-190
mandrake MDKSA-2002:020
xf apache-modssl-bo(8308)
Last major update 17-10-2016 - 22:16
Published 15-03-2002 - 00:00