ID CVE-2004-0488
Summary Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3
    cpe:2.3:a:apache:http_server:1.3
  • Apache Software Foundation Apache HTTP Server 1.3.1
    cpe:2.3:a:apache:http_server:1.3.1
  • Apache Software Foundation Apache HTTP Server 1.3.3
    cpe:2.3:a:apache:http_server:1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.4
    cpe:2.3:a:apache:http_server:1.3.4
  • Apache Software Foundation Apache HTTP Server 1.3.6
    cpe:2.3:a:apache:http_server:1.3.6
  • cpe:2.3:a:apache:http_server:1.3.7:-:dev
    cpe:2.3:a:apache:http_server:1.3.7:-:dev
  • Apache Software Foundation Apache HTTP Server 1.3.9
    cpe:2.3:a:apache:http_server:1.3.9
  • Apache Software Foundation Apache HTTP Server 1.3.11
    cpe:2.3:a:apache:http_server:1.3.11
  • Apache Software Foundation Apache HTTP Server 1.3.12
    cpe:2.3:a:apache:http_server:1.3.12
  • Apache Software Foundation Apache HTTP Server 1.3.14
    cpe:2.3:a:apache:http_server:1.3.14
  • Apache Software Foundation Apache HTTP Server 1.3.17
    cpe:2.3:a:apache:http_server:1.3.17
  • Apache Software Foundation Apache HTTP Server 1.3.18
    cpe:2.3:a:apache:http_server:1.3.18
  • Apache Software Foundation Apache HTTP Server 1.3.19
    cpe:2.3:a:apache:http_server:1.3.19
  • Apache Software Foundation Apache HTTP Server 1.3.20
    cpe:2.3:a:apache:http_server:1.3.20
  • Apache Software Foundation Apache HTTP Server 1.3.22
    cpe:2.3:a:apache:http_server:1.3.22
  • Apache Software Foundation Apache HTTP Server 1.3.23
    cpe:2.3:a:apache:http_server:1.3.23
  • Apache Software Foundation Apache HTTP Server 1.3.24
    cpe:2.3:a:apache:http_server:1.3.24
  • Apache Software Foundation Apache HTTP Server 1.3.25
    cpe:2.3:a:apache:http_server:1.3.25
  • Apache Software Foundation Apache HTTP Server 1.3.26
    cpe:2.3:a:apache:http_server:1.3.26
  • Apache Software Foundation Apache HTTP Server 1.3.27
    cpe:2.3:a:apache:http_server:1.3.27
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.31
    cpe:2.3:a:apache:http_server:1.3.31
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
  • Apache Software Foundation Apache HTTP Server 2.0.9a
    cpe:2.3:a:apache:http_server:2.0.9
  • Apache Software Foundation Apache HTTP Server 2.0.28
    cpe:2.3:a:apache:http_server:2.0.28
  • Apache Software Foundation Apache HTTP Server 2.0.28 Beta
    cpe:2.3:a:apache:http_server:2.0.28:beta
  • Apache Software Foundation Apache HTTP Server 2.0.32
    cpe:2.3:a:apache:http_server:2.0.32
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
  • Apache Software Foundation Apache HTTP Server 2.0.40
    cpe:2.3:a:apache:http_server:2.0.40
  • Apache Software Foundation Apache HTTP Server 2.0.41
    cpe:2.3:a:apache:http_server:2.0.41
  • Apache Software Foundation Apache HTTP Server 2.0.42
    cpe:2.3:a:apache:http_server:2.0.42
  • Apache Software Foundation Apache HTTP Server 2.0.43
    cpe:2.3:a:apache:http_server:2.0.43
  • Apache Software Foundation Apache HTTP Server 2.0.44
    cpe:2.3:a:apache:http_server:2.0.44
  • Apache Software Foundation Apache HTTP Server 2.0.45
    cpe:2.3:a:apache:http_server:2.0.45
  • Apache Software Foundation Apache HTTP Server 2.0.46
    cpe:2.3:a:apache:http_server:2.0.46
  • Apache Software Foundation Apache HTTP Server 2.0.47
    cpe:2.3:a:apache:http_server:2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
    cpe:2.3:a:apache:http_server:2.0.49
  • MandrakeSoft Mandrake Multi Network Firewall 8.2
    cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.7
    cpe:2.3:a:mod_ssl:mod_ssl:2.8.7
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.10
    cpe:2.3:a:mod_ssl:mod_ssl:2.8.10
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.12
    cpe:2.3:a:mod_ssl:mod_ssl:2.8.12
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.15
    cpe:2.3:a:mod_ssl:mod_ssl:2.8.15
  • cpe:2.3:a:mod_ssl:mod_ssl:2.8.16
    cpe:2.3:a:mod_ssl:mod_ssl:2.8.16
  • SGI ProPack 2.4
    cpe:2.3:a:sgi:propack:2.4
  • cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0
    cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0
  • cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0_u1
    cpe:2.3:a:tinysofa:tinysofa_enterprise_server:1.0_u1
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
  • MandrakeSoft Mandrake Linux 9.1
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:-:ppc
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:-:ppc
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
  • OpenBSD 3.4
    cpe:2.3:o:openbsd:openbsd:3.4
  • OpenBSD 3.5
    cpe:2.3:o:openbsd:openbsd:3.5
  • cpe:2.3:o:openbsd:openbsd:current
    cpe:2.3:o:openbsd:openbsd:current
  • Trustix Secure Linux 1.5
    cpe:2.3:o:trustix:secure_linux:1.5
  • Trustix Secure Linux 2.0
    cpe:2.3:o:trustix:secure_linux:2.0
  • Trustix Secure Linux 2.1
    cpe:2.3:o:trustix:secure_linux:2.1
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-245.NASL
    description Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes. A stack-based buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. This update also fixes a DNS handling bug in mod_proxy. The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication. Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contains Apache version 1.3.27 with backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12506
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12506
    title RHEL 2.1 : apache, mod_ssl (RHSA-2004:245)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-532.NASL
    description Two vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. - CAN-2004-0700 Format string vulnerability in the ssl_log function in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15369
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15369
    title Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-154-01.NASL
    description New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is configured to trust the issuing CA. Websites running mod_ssl should upgrade to the new set of apache and mod_ssl packages. There are new PHP packages as well to fix a Slackware-specific local denial-of-service issue (an additional Slackware advisory SSA:2004-154-02 has been issued for PHP).
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18790
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18790
    title Slackware 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2004-154-01)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200406-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200406-05 (Apache: Buffer overflow in mod_ssl) A bug in the function ssl_util_uuencode_binary in ssl_util.c may lead to a remote buffer overflow on a server configured to use FakeBasicAuth that will trust a client certificate with an issuing CA with a subject DN longer than 6k. Impact : Given the right server configuration, an attacker could cause a Denial of Service or execute code as the user running Apache, usually 'apache'. It is thought to be impossible to exploit this to execute code on the x86 platform, but the possibility for other platforms is unknown. This does not preclude a DoS on x86 systems. Workaround : A server should not be vulnerable if it is not configured to use FakeBasicAuth and to trust a client CA with a long subject DN.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14516
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14516
    title GLSA-200406-05 : Apache: Buffer overflow in mod_ssl
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-055.NASL
    description A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14154
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14154
    title Mandrake Linux Security Advisory : apache2 (MDKSA-2004:055)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-342.NASL
    description Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue. A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue. Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12636
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12636
    title RHEL 3 : httpd (RHSA-2004:342)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-054.NASL
    description A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14153
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14153
    title Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:054)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0523.NASL
    description Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack. (CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) Multiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Users of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63857
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63857
    title RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
  • NASL family Web Servers
    NASL id MOD_SSL_UUENCODE_BINARY.NASL
    description The remote host is using a version of mod_ssl that is older than 2.8.18. This version is vulnerable to a flaw that could allow an attacker to disable the remote website remotely, or to execute arbitrary code on the remote host. Note that several Linux distributions patched the old version of this module. Therefore, this alert might be a false-positive. Please check with your vendor to determine if you really are vulnerable to this flaw.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 12255
    published 2004-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12255
    title mod_ssl ssl_util_uuencode_binary Remote Overflow
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20040907.NASL
    description The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 14676
    published 2004-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14676
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20041202.NASL
    description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 15898
    published 2004-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15898
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
oval via4
accepted 2013-04-29T04:14:12.127-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
family unix
id oval:org.mitre.oval:def:11458
status accepted
submitted 2010-07-09T03:56:16-04:00
title Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2004:245
  • rhsa
    id RHSA-2004:342
  • rhsa
    id RHSA-2004:405
  • rhsa
    id RHSA-2005:816
refmap via4
bid 10355
bugtraq
  • 20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
  • 20040601 TSSA-2004-008 - apache
debian DSA-532
fedora FLSA:1888
fulldisc 20040517 mod_ssl ssl_util_uuencode_binary potential problem
gentoo GLSA-200406-05
hp
  • SSRT4777
  • SSRT4788
mandrake
  • MDKSA-2004:054
  • MDKSA-2004:055
sgi 20040605-01-U
trustix 2004-0031
xf apache-modssl-uuencode-bo(16214)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.50: http://httpd.apache.org/security/vulnerabilities_20.html
Last major update 17-10-2016 - 22:45
Published 07-07-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top