Software Engineering Institute

Notified:  March 01, 2002 Updated: April 04, 2002

Status

Affected

Vendor Statement

http://www.apache-ssl.org/advisory-20020301.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Versions of Apache-SSL prior to 1.3.22+1.47 are vulnerable.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  April 02, 2002

Status

Affected

Vendor Statement

See http://www.caldera.com/support/security/advisories/CSSA-2002-011.0.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  April 02, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TITLE: (SSRT0817, SSRT0821) Potential Security Vulnerabilities
with Compaq Secure Web Server (PHP and apache/mod_ssl)

Posted at http://ftp.support.compaq.com/patches/.new/security.shtml

NOTICE: There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

RELEASE DATE: March 2002

SOURCE:
Compaq Computer Corporation
Compaq Services
Software Security Response Team

X-REFERENCE: CVE Candidate - PHP (CAN-2002-0081) ,
Apache/mod_ssl(CAN-2002-0082)

PROBLEM SUMMARY:

Compaq was recently notified of two potential vulnerabilities
that impact Compaq's distributed Secure Web Server (CSWS) for
OpenVMS and TRU64 UNIX.

(SSRT0817) PHP

PHP (Hypertext Preprocessor scripting language). PHP does not
perform proper bounds checking on in functions related to
Form-based File Uploads in HTML to decode MIME encoded files.
This potential overflow vulnerability may allow arbitrary code
to be executed.



(SSRT0821) Apache/mod_ssl

Apache/mod_ssl session cache management routines use an unchecked
buffer that could potentially allow an overflow of a session cache
buffer. Thispotential vulnerability may allow arbitrary code to be
executed.

VERSIONS IMPACTED:

IMPACT:

CSWS (SSRT0817) PHP (SSRT0821)
Apache/mod_ssl

OpenVMS V7.1-2
or
later CSWS_PHP V1.0 CSWS V1.0-1,
CSWS V1.1-1,
CSWS V1.2


TRU64 UNIX V5.0A
or
later CSWS V5.5.2 CSWS V5.5.2


*NOTE:These reported potential vulnerabilities do not
have an impact to the base operating system in the form
of elevated permissions or privileges.


NO IMPACT:

Himalaya Web Products

Compaq Management Software Web Products


RESOLUTION:

Compaq has corrected both problems and created patches that are now
available for CSWS (Compaq Secure Web Server) for OpenVMS and TRU64
UNIX.

CSWS for OpenVMS V7.1-2 or later:

A Compaq Secure Web Server security update kit is available for
download at:
http://www.openvms.compaq.com/openvms/products/ips/apache/csws_patches
.html

(SSRT0817) PHP

INSTALLED VERSION UPDATE KIT

CSWS_PHP 1.0 CSWS_PHP10_UPDATE V1.0


NOTE: (SSRT0817) PHP - For OpenVMS - if upgrading is not
possible or a patch cannot be applied immediately, the
potential PHP overflow vulnerability may be minimized by
adding the following line to MOD_PHP.CONF file:
PHP_FLAG file_uploads OFF
This will prevent using fileuploads, which may not be
an acceptable short-term solution.

(SSRT0821) Apache/mod_ssl

Installed Version Update Kit

CSWS V1.2 CSWS12_UPDATE V1.0
CSWS V1.1-1 CSWS111_UPDATE V1.0
CSWS V1.0-1 CSWS101_UPDATE V1.0




TRU64 UNIX for V5.0a or later:

A Compaq Secure Web Server security update kit is available for
download at:
http://tru64unix.compaq.com/internet/download.htm#sws_v582
select and install the CSWS (Compaq Secure Web Server) kit V5.8.2


Installed Version Install Updated Server Kit

CSWS V5.5.2 CSWS V5.8.2


After completing the update, Compaq strongly recommends that you
perform an immediate backup of your system disk so that any
subsequent restore operations begin with updated software. Otherwise,
you must reapply the patch after a future restore operation. Also, if
at some future time you upgrade your system to a later patch version,
you may need to reapply the appropriate patch.


SUPPORT:

For further information, contact Compaq Global Services.


SUBSCRIBE:

To subscribe to automatically receive future Security Advisories from
the Compaq's Software Security Response Team via electronic mail:
http://www.support.compaq.com/patches/mailing-list.shtml

REPORT:

To report a potential security vulnerability with any Compaq
supported product, send email mailto:security-ssrt@compaq.com

Compaq appreciates your cooperation and patience. We regret
any inconvenience applying this information may cause. As always,
Compaq urges you to periodically review your system management and
security procedures. Compaq will continue to review and enhance the
security features of its products and work with customers to maintain
and improve the security and integrity of their systems.

"Compaq is broadly distributing this Security Advisory to notify all
users of Compaq products of the important security information
contained in this Advisory. Compaq recommends that all users
determine the applicability of this information to their individual
situations and take appropriate action. Compaq does not warrant that
this information is necessarily accurate or complete for all user
situations and, consequently, Compaq will not be responsible for any
damages resulting from user's use or disregard of the information
provided in this Advisory."

Copyright 2002 Compaq Information Technologies Group, L.P. Compaq
shall not be liable for technical or editorial errors or omissions
contained herein. The information in this document is subject to
change without notice. Compaq and the names of Compaq products
referenced herein are, either, trademarks and/or service marks or
registered trademarks and/or service marks of Compaq Information
Technologies Group, L.P. Other product and company names mentioned
herein may be trademarks and/or service marks of their respective
owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPKYaXznTu2ckvbFuEQLbTQCfarAsi8kRC4LM8mftiUv84AWBHmYAn1Z7
qdlODoP4yGBrHmi2hIVqr0Ia
=egdQ
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  March 04, 2002

Status

Affected

Vendor Statement

See, http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464&ckval=en

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  March 01, 2002 Updated: March 11, 2002

Status

Affected

Vendor Statement

See, http://www.debian.org/security/2002/dsa-120

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  March 01, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory March 01, 2002 |
| http://www.engardelinux.org/ ESA-20020301-005 |
| |
| Package: apache (mod_ssl) |
| Summary: mod_ssl's session caching mechanisms contain a potential |
| buffer overflow |
+------------------------------------------------------------------------+

EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, complete e-commerce using AllCommerce,
and integrated open source security tools.


OVERVIEW
- --------
There is a buffer overflow in mod_ssl, part of EnGarde's apache package,
which an attacker may potentially trigger by sending a very long client
certificate.


DETAIL
- ------
mod_ssl is an apache module used to provide SSL functionality using the
OpenSSL toolkit. Ed Moyle has discovered a buffer overflow in
mod_ssl's session caching mechanisms using dbm and shared memory.

We would like to stress that this vulnerability is in mod_ssl, not in
apache. We are issuing an apache update because we include mod_ssl as
part of our apache package.


SOLUTION
- --------
All users should upgrade to the most recent version as outlined in
this advisory.

Guardian Digital recently made available the Guardian Digital Secure
Update, a means to proactively keep systems secure and manage
system software. EnGarde users can automatically update their system
using the Guardian Digital WebTool secure interface.

If choosing to manually upgrade this package, updates can be
obtained from:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must either:

a) be booted into a "standard" kernel; or
b) have LIDS disabled.

To disable LIDS, execute the command:

# /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

# rpm -Uvh <filename>

You must now update the LIDS configuration by executing the command:

# /usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

# /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signatures of the updated packages, execute the command:

# rpm -Kv <filename>


UPDATED PACKAGES
- ----------------
These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).

Source Packages:

SRPMS/apache-1.3.23-1.0.27.src.rpm
MD5 Sum: 412c8ed8f0151dc023372b70aac0475c

Binary Packages:

i386/apache-1.3.23-1.0.27.i386.rpm
MD5 Sum: 66b23a6224b1916983c4350e95c35fd6

i686/apache-1.3.23-1.0.27.i686.rpm
MD5 Sum: 4dc0650fb82a15aa00927cabcb02b230


REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

Credit for the discovery of this bug goes to:
Ed Moyle <emoyle@scsnet.csc.com>

mod_ssl's Official Web Site:
http://www.modssl.org/

Security Contact: security@guardiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20020301-005-apache,v 1.3 2002/03/01 05:24:50 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8fxtOHD5cqd57fu0RAs4YAJwI63Bvsu3ovXom2fpYe3uUVwaQhQCcDmhE
mkmxGGvF3L1LAN+eT5D8uU0=
=dudS
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  March 01, 2002 Updated: March 27, 2002

Status

Affected

Vendor Statement

HP Support Information Digests

===============================================================================
o Security Bulletin Digest Split
------------------------------

The security bulletins digest has been split into multiple digests
based on the operating system (HP-UX, MPE/iX, and HP Secure OS
Software for Linux). You will continue to receive all security
bulletin digests unless you choose to update your subscriptions.

To update your subscriptions, use your browser to access the
IT Resource Center on the World Wide Web at:

http://www.itresourcecenter.hp.com/

Under the Maintenance and Support Menu, click on the "more..." link.
Then use the 'login' link at the left side of the screen to login
using your IT Resource Center User ID and Password.

Under the notifications section (near the bottom of the page), select
Support Information Digests.

To subscribe or unsubscribe to a specific security bulletin digest,
select or unselect the checkbox beside it. Then click the
"Update Subscriptions" button at the bottom of the page.

o IT Resource Center World Wide Web Service
---------------------------------------------------

If you subscribed through the IT Resource Center and would
like to be REMOVED from this mailing list, access the
IT Resource Center on the World Wide Web at:

http://www.itresourcecenter.hp.com/

Login using your IT Resource Center User ID and Password.
Then select Support Information Digests (located under
Maintenance and Support). You may then unsubscribe from the
appropriate digest.
===============================================================================


Digest Name: daily HP Secure OS Software for Linux security bulletins digest
Created: Fri Mar 15 3:00:03 PST 2002

Table of Contents:

Document ID Title
--------------- -----------
HPSBTL0203-031 Security vulnerability in Apache prior to 1.3.23

The documents are listed below.
-------------------------------------------------------------------------------


Document ID: HPSBTL0203-031
Date Loaded: 20020314
Title: Security vulnerability in Apache prior to 1.3.23

TEXT





---------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #031
Originally issued: 14 March '02
---------------------------------------------------------------

The information in the following Security Bulletin should be acted
upon as soon as possible. Hewlett-Packard Company will not be
liable for any consequences to any customer resulting from said customer's
failure to fully implement instructions in this Security Bulletin as
soon as possible.

---------------------------------------------------------------
PROBLEM: Security vulnerability in Apache prior to 1.3.23 and mod_ssl
prior to 2.8.7. This bulletin addresses the same issues as the
Red Hat Advisory RHSA-2002-041. Please, be aware, that the
mod_ssl package has been altered for HP Secure OS software
for Linux. Please follow instructions provided below.

PLATFORM: Any system running HP Secure OS software for Linux Release 1.0

DAMAGE: Use of the client certificates could yield unexpected results
in Apache prior to 1.3.23 and mod_ssl prior to 2.8.7

SOLUTION: Apply the appropriate patch (see section B below).

MANUAL ACTIONS: None

AVAILABILITY: The patch is available now.
---------------------------------------------------------------
A. Background
HP Secure OS software for Linux Release 1.0 was released
with the 1.3.19 version of Apache. Since then, Apache 1.3.23
has been released to correct a number of security related problems.

B. Fixing the problem
Apply patch HPTL_00012.

The patch is available as follows: -

Use your browser to access the HP IT Resource Center page
at:

http://itrc.hp.com

Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login. Remember to save the
User ID assigned to you, and your password. This login provides
access to many useful areas of the ITRC.

Under the "Maintenance and Support" section, select "Individual Patches".

In the field at the bottom of the page labeled "retrieve a specific patch
by entering the patch name", enter HPTL_00012.

For instructions on installing the patch, please see the install text file
included in the patch.

C. To subscribe to automatically receive future NEW HP Security
Bulletins from the HP IT Resource Center via electronic
mail, do the following:

Use your browser to access the HP IT Resource Center page at:

http://itrc.hp.com

Use the 'Login' tab at the left side of the screen to login
using your ID and password. Use your existing login or the
"Register" button at the left to create a login. Remember to
save the User ID assigned to you, and your password. This
login provides access to many useful areas of the ITRC.

In the left most frame select "Maintenance and Support".

Under the "Notifications" section (near the bottom of
the page), select "Support Information Digests".

To -subscribe- to future HP Security Bulletins or other
Technical Digests, click the check box (in the left column)
for the appropriate digest and then click the "Update
Subscriptions" button at the bottom of the page.

or

To -review- bulletins already released, select the link
(in the middle column) for the appropriate digest.

D. To report new security vulnerabilities, send email to

security-alert@hp.com

Please encrypt any exploit information using the
security-alert PGP key, available from your local key
server. You may also get the security-alert PGP key by
sending a message with a -subject- (not body) of
'get key' (no quotes) to security-alert@hp.com.

Permission is granted for copying and circulating this
Bulletin to Hewlett-Packard (HP) customers (or the Internet
community) for the purpose of alerting them to problems,
if and only if, the Bulletin is not edited or changed in
any way, is attributed to HP, and provided such reproduction
and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. HP is not
liable for any misuse of this information by any third party.
---------------------------------------------------------------
-----End of Document ID: HPSBTL0203-031--------------------------------------

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  March 01, 2002 Updated: March 08, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: mod_ssl
Advisory ID: MDKSA-2002:020
Date: March 7th, 2002
Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1,
Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

Ed Moyle discovered a buffer overflow in mod_ssl's session caching
mechanisms that use shared memory and dbm. This could potentially be
triggered by sending a very long client certificate to the server.
________________________________________________________________________

References:

http://online.securityfocus.com/bid/4189
________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1:
57b34a081cca5b85aae6c097d067316a 7.1/RPMS/mod_ssl-2.8.5-2.4mdk.i586.rpm
5189233df0f03cb8fe78675dc4b7b58b 7.1/SRPMS/mod_ssl-2.8.5-2.4mdk.src.rpm

Linux-Mandrake 7.2:
b1fd2e18a7d3b8d512e2bf858c040282 7.2/RPMS/mod_ssl-2.8.5-2.3mdk.i586.rpm
09c08fd15d6e826188f51a41a047b568 7.2/SRPMS/mod_ssl-2.8.5-2.3mdk.src.rpm

Mandrake Linux 8.0:
25812a052c7e82db4015c80395d0a142 8.0/RPMS/mod_ssl-2.8.5-2.2mdk.i586.rpm
ae2ab6e8cd666f6171b682f69340e0df 8.0/SRPMS/mod_ssl-2.8.5-2.2mdk.src.rpm

Mandrake Linux 8.0/ppc:
53b213329a866d92c4a70273cf0b591d ppc/8.0/RPMS/mod_ssl-2.8.5-2.2mdk.ppc.rpm
ae2ab6e8cd666f6171b682f69340e0df ppc/8.0/SRPMS/mod_ssl-2.8.5-2.2mdk.src.rpm

Mandrake Linux 8.1:
020058f4fd26dc78480804caf5cd0044 8.1/RPMS/mod_ssl-2.8.5-2.1mdk.i586.rpm
8e9e7f26e64e15d4323e69cc9afad15e 8.1/SRPMS/mod_ssl-2.8.5-2.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
59974b39c67f4e2773416349c8207d54 ia64/8.1/RPMS/mod_ssl-2.8.5-2.1mdk.ia64.rpm
8e9e7f26e64e15d4323e69cc9afad15e ia64/8.1/SRPMS/mod_ssl-2.8.5-2.1mdk.src.rpm

Corporate Server 1.0.1:
57b34a081cca5b85aae6c097d067316a 1.0.1/RPMS/mod_ssl-2.8.5-2.4mdk.i586.rpm
5189233df0f03cb8fe78675dc4b7b58b 1.0.1/SRPMS/mod_ssl-2.8.5-2.4mdk.src.rpm

Single Network Firewall 7.2:
27f5f01c9f3ec9fda3af4661fa84c9f5 snf7.2/RPMS/mod_ssl-2.8.4-4.2mdk.i586.rpm
5421309dd07559693f07800528561612 snf7.2/SRPMS/mod_ssl-2.8.4-4.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig <filename>

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security@linux-mandrake.com>


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday
L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7
WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo
P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl
hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx
PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg
2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs
iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD
LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu
ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t
PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy
/NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA
BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP
WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w
Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn
7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77
9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV
Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s
+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX
Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl
3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi
RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX
lA==
=0ahQ
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8iD4ymqjQ0CJFipgRApoOAKDHTMIWmVyawBQQ7EpuhcTsf3DFswCg8Avh
ivsKSso3VTP3qYIhaPKTAfA=
=JG5R
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  March 01, 2002 Updated: March 06, 2002

Status

Affected

Vendor Statement

Red Hat Linux 7.0, 7.1, 7.2 as well as Red Hat Secure Web Server 3.2 contain a vulnerable version of mod_ssl. However to exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. Users who use client certificate authentication would be wise to upgrade or switch to the superior shared memory session cache, shmcb, which is not vulnerable to this issue. Updated mod_ssl packages will be available shortly at the following URL. Users of the Red Hat Network can use the 'up2date' tool to update their systems at the same time.

http://www.redhat.com/support/errata/RHSA-2002-041.html

Version 3.0 and earlier of Red Hat Stronghold contain a vulnerable version of mod_ssl. Red Hat Stronghold is set by default to use the shmcb session cache (also known as c2shm) which is not vulnerable to this issue. Updates to Stronghold will be available shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.