 
Red Hat Linux Errata Advisory

 

Synopsis:         mod_ssl vulnerabilities in Stronghold
Advisory ID:      RHSA-2002:045-04
Issue Date:       2002-03-07
Updated On:       2002-03-14
Product:          Stronghold Cross Platform
Keywords:         mod_ssl overflow session cache
Cross References:
Obsoletes:

 


1. Topic:

A vulnerability in the shm and dbm mod_ssl session caches has been found.

2. Problem description:

When session caching is enabled, mod_ssl serializes SSL session
variables to store them for later use. Unpatched versions of mod_ssl prior
to version 2.8.7 that use the shm or dbm session caches store the
serialized session variables in a buffer with a fixed size, making them
vulnerable to a buffer overflow.

To exploit the overflow, the server must be configured to require client
certificates and an attacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it would be possible
for an attacker to execute arbitrary code on the server.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0082 to this issue.

Red Hat Stronghold version 3.0 build codes 3015 and earlier contain a
vulnerable version of mod_ssl. However, Red Hat Stronghold is set by
default to use the shmcb session cache (also known as c2shm) which is not
vulnerable to this issue.

Stronghold 3.0 build code 3016, which is not vulnerable to this issue, is
now available from http://www.int.c2.net/download/
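
To check whether a server configuration meets the two conditions described above (an shm or dbm session cache, and required client certificates), the following added example, which is not part of the original advisory or of Red Hat's tooling, scans configuration text for the mod_ssl SSLSessionCache and SSLVerifyClient directives. The sample configuration and its paths are constructed, the "c2shm" prefix is an assumption based on the alias named above, and the check does not look at the installed mod_ssl version or build code.

```python
import re

# Cache types the advisory names as affected (mod_ssl before 2.8.7).
AFFECTED_CACHES = {"shm", "dbm"}
# Directive names are case-insensitive; a leading '#' makes the line a comment.
DIRECTIVE = re.compile(r"^\s*(SSLSessionCache|SSLVerifyClient)\s+(\S+)", re.IGNORECASE)

def audit(config_text):
    """Report which of the advisory's two configuration conditions are met."""
    cache = None
    require_lines = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip('"')
        if name == "sslsessioncache":
            # "dbm:/path" or "shm:/path(size)" -> type before the first colon
            cache = value.split(":", 1)[0].lower()
        elif value.lower() == "require":
            require_lines.append(lineno)
    if cache is None:
        status = "no-cache-directive"      # check included files as well
    elif cache not in AFFECTED_CACHES:
        status = "cache-not-affected"      # e.g. shmcb, c2shm (assumed prefix), none
    elif require_lines:
        status = "both-conditions-met"     # affected cache and client certs required
    else:
        status = "affected-cache-only"     # client certs not required in this text
    return {"cache": cache, "client_cert_lines": require_lines, "status": status}

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCache dbm:/var/run/ssl_scache
<VirtualHost _default_:443>
    SSLVerifyClient require
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

SSLVerifyClient can also be set per directory, so run the check over every configuration file the server loads.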

3. Bug IDs fixed: (see bugzilla for more information)

4. Relevant releases/architectures:


5. RPMs required:

6. Solution:

Please consult the Stronghold documentation on how to upgrade Stronghold.

7. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/about/contact.html

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082
http://marc.theaimsgroup.com/?l=apache-modssl&m=101449247201254
http://online.securityfocus.com/archive/1/258646