Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA120] DSA-120-1 mod_ssl Vulnerability Scan

Vulnerability Scan Summary
DSA-120-1 mod_ssl

Detailed Explanation for this Vulnerability Test

Ed Moyle recently
found a buffer overflow in Apache-SSL and mod_ssl.
With session caching enabled, mod_ssl will serialize SSL session
variables to store them for later use. These variables were stored in
a buffer of a fixed size without proper boundary checks.
To exploit the overflow, the server must be configured to require client
certificates, and a possible hacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it would be possible
for a possible hacker to execute arbitrary code on the server.
This problem has been fixed in version of Apache-SSL and
version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable
Debian distribution as well as in version of
Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing
and unstable distribution of Debian.
We recommend that you upgrade your Apache-SSL and mod_ssl packages.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.