Bugtraq
mailing list archives
Re: mod_ssl Buffer Overflow Condition (Update Available)
From: Ben Laurie <ben () algroup co uk>
Date: Fri, 01 Mar 2002 10:28:36 +0000
Ed Moyle wrote:
> mod_ssl Buffer Overflow Condition (Update Available)
> --------------------------------------------------------
> SYNOPSIS
>
> mod_ssl (www.modssl.org) is a commonly used Apache module that
> provides strong cryptography for the Apache web server. The
> module utilizes OpenSSL (formerly SSLeay) for the SSL implementation.
>
> modssl versions prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the
> underlying OpenSSL routines in a manner which could overflow a buffer
> within the implementation. This situation appears difficult to
> exploit in a production environment, however, for reasons detailed
> below.

Ooops! Apologies, I misread my code. Apache-SSL is, in fact, vulnerable
to this flaw. I'll be issuing an advisory shortly.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff