1. Topic:

A vulnerability in the shm and dbm mod_ssl session caches has been found.

2. Problem description:

When session caching is enabled, mod_ssl will serialize SSL session
variables to store them for later use. Unpatched versions of mod_ssl prior
to version 2.8.7 which use the shm or dbm session caches would store
session variables using a buffer with a fixed size, making it vulnerable
to overflow.

To exploit the overflow, the server must be configured to require client
certificates and an attacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it would be possible
for an attacker to execute arbitrary code on the server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0082 to this issue.

Red Hat Stronghold version 3.0 build codes 3015 and earlier contain a
vulnerable version of mod_ssl. However, Red Hat Stronghold is set by
default to use the shmcb session cache (also known as c2shm) which is not
vulnerable to this issue.

Stronghold 3.0 build code 3016 is now available from
http://www.int.c2.net/download/ that is not vulnerable to this issue.

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:

5. RPMs required:

6. Solution:

Please consult the Stronghold documentation on how to upgrade Stronghold

7. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------