Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:054: mod_ssl Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mod_ssl package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:054 (mod_ssl).
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in
ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to
trust the issuing CA, a remote attacker may be able to execute arbitrary code
via a client certificate with a long subject DN.
The provided packages are patched to prevent this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:054
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.