|
|
Family: Slackware Local Security Checks --> Category: infos
SSA-2004-154-01 mod_ssl Vulnerability Scan
Vulnerability Scan Summary
SSA-2004-154-01 mod_ssl
Detailed Explanation for this Vulnerability Test
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31
fixing a buffer overflow that may allow remote attackers to execute arbitrary
code via a client certificate with a long subject DN, if mod_ssl is
configured to trust the issuing CA. Web sites running mod_ssl should upgrade
to the new set of apache and mod_ssl packages. There are new PHP packages as
well to fix a Slackware-specific local denial-of-service issue (an additional
Slackware advisory SSA:2004-154-02 has been issued for PHP).
More details about the mod_ssl issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488
Click HERE for more information and discussions on this network vulnerability scan.
|
