Vulnerability Bulletins

int(840)

Vulnerability Bulletins

Desbordamiento de búfer en el módulo mod_SSL para Apache
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	mod_SSL 2.x - Apache 2.0.x mod_SSL 2.x - Apache 1.3.x
Description
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en las versiones 2.x del módulo mod_ssl para Apache (tanto la rama 1.3 como la rama 2.0). La vulnerabilidad se da en la función ssl_util_uuencode_binary() a la hora de manejar el certificado del cliente si la opción "FakeBasicAuth" está habilitada. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio o la ejecución remota de código mediante el uso de un certificado especialmente diseñado y una CA en la que confíe el servidor.
Solution
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software mod_SSL Apache 1.3.31 - mod_SSL 2.8.18 http://www.modssl.org/source/mod_ssl-2.8.18-1.3.31.tar.gz Apache 2.0.50 http://httpd.apache.org/download.cgi Mandrake Linux - Apache2 Mandrakelinux 9.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/libapr0-2.0.47-1.8.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-common-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-devel-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-manual-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_dav-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_ldap-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-mod_ssl-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-modules-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache2-source-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/libapr0-2.0.47-1.8.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache2-2.0.47-1.8.91mdk.src.rpm Mandrakelinux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/libapr0-2.0.47-6.5.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-common-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-devel-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-manual-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_cache-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_dav-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_deflate-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_disk_cache-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_file_cache-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ldap-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_mem_cache-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_proxy-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-mod_ssl-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-modules-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache2-source-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/lib64apr0-2.0.47-6.5.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache2-2.0.47-6.5.92mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libapr0-2.0.48-6.2.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-common-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-devel-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-manual-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_cache-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_dav-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_deflate-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_disk_cache-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_file_cache-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ldap-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_mem_cache-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_proxy-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-mod_ssl-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-modules-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache2-source-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64apr0-2.0.48-6.2.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/apache2-2.0.48-6.2.100mdk.src.rpm Mandrake Linux - mod_SSL Mandrakelinux 9.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_ssl-2.8.12-8.1.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/mod_ssl-2.8.12-8.1.91mdk.src.rpm Mandrakelinux 9.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_ssl-2.8.15-1.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/mod_ssl-2.8.15-1.1.92mdk.src.rpm Mandrakelinux 10.0 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_ssl-2.8.16-1.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/mod_ssl-2.8.16-1.1.100mdk.src.rpm Mandrake Multi Network Firewall 8.2 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/mod_ssl-2.8.7-3.3.M82mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/mod_ssl-2.8.7-3.3.M82mdk.src.rpm Mandrake Corporate Server 2.1 i386 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_ssl-2.8.10-5.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/mod_ssl-2.8.10-5.3.C21mdk.src.rpm OpenBSD OpenBSD 3.4 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/025_httpd3.patch OpenBSD 3.5 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/013_httpd.patch Red Hat Linux Red Hat Enterprise Linux AS (v. 2.1) SRPMS apache-1.3.27-8.ent.src.rpm mod_ssl-2.8.12-4.src.rpm i386 apache-1.3.27-8.ent.i386.rpm apache-devel-1.3.27-8.ent.i386.rpm apache-manual-1.3.27-8.ent.i386.rpm mod_ssl-2.8.12-4.i386.rpm ia64 apache-1.3.27-8.ent.ia64.rpm apache-devel-1.3.27-8.ent.ia64.rpm apache-manual-1.3.27-8.ent.ia64.rpm mod_ssl-2.8.12-4.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 2.1) SRPMS apache-1.3.27-8.ent.src.rpm mod_ssl-2.8.12-4.src.rpm i386 apache-1.3.27-8.ent.i386.rpm apache-devel-1.3.27-8.ent.i386.rpm apache-manual-1.3.27-8.ent.i386.rpm mod_ssl-2.8.12-4.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 2.1) SRPMS apache-1.3.27-8.ent.src.rpm mod_ssl-2.8.12-4.src.rpm i386 apache-1.3.27-8.ent.i386.rpm apache-devel-1.3.27-8.ent.i386.rpm apache-manual-1.3.27-8.ent.i386.rpm mod_ssl-2.8.12-4.i386.rpm https://rhn.redhat.com/ Red Hat Linux Advanced Workstation 2.1 Itanium Processor SRPMS apache-1.3.27-8.ent.src.rpm mod_ssl-2.8.12-4.src.rpm ia64 apache-1.3.27-8.ent.ia64.rpm apache-devel-1.3.27-8.ent.ia64.rpm apache-manual-1.3.27-8.ent.ia64.rpm mod_ssl-2.8.12-4.ia64.rpm https://rhn.redhat.com/ Red Hat Desktop (v. 3) AMD64 httpd-2.0.46-32.ent.3.x86_64.rpm httpd-devel-2.0.46-32.ent.3.x86_64.rpm mod_ssl-2.0.46-32.ent.3.x86_64.rpm SRPMS httpd-2.0.46-32.ent.3.src.rpm i386 httpd-2.0.46-32.ent.3.i386.rpm httpd-devel-2.0.46-32.ent.3.i386.rpm mod_ssl-2.0.46-32.ent.3.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 httpd-2.0.46-32.ent.3.x86_64.rpm httpd-devel-2.0.46-32.ent.3.x86_64.rpm mod_ssl-2.0.46-32.ent.3.x86_64.rpm SRPMS httpd-2.0.46-32.ent.3.src.rpm i386 httpd-2.0.46-32.ent.3.i386.rpm httpd-devel-2.0.46-32.ent.3.i386.rpm mod_ssl-2.0.46-32.ent.3.i386.rpm ia64 httpd-2.0.46-32.ent.3.ia64.rpm httpd-devel-2.0.46-32.ent.3.ia64.rpm mod_ssl-2.0.46-32.ent.3.ia64.rpm ppc httpd-2.0.46-32.ent.3.ppc.rpm httpd-devel-2.0.46-32.ent.3.ppc.rpm mod_ssl-2.0.46-32.ent.3.ppc.rpm s390 httpd-2.0.46-32.ent.3.s390.rpm httpd-devel-2.0.46-32.ent.3.s390.rpm mod_ssl-2.0.46-32.ent.3.s390.rpm s390x httpd-2.0.46-32.ent.3.s390x.rpm httpd-devel-2.0.46-32.ent.3.s390x.rpm mod_ssl-2.0.46-32.ent.3.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 httpd-2.0.46-32.ent.3.x86_64.rpm httpd-devel-2.0.46-32.ent.3.x86_64.rpm mod_ssl-2.0.46-32.ent.3.x86_64.rpm SRPMS httpd-2.0.46-32.ent.3.src.rpm i386 httpd-2.0.46-32.ent.3.i386.rpm httpd-devel-2.0.46-32.ent.3.i386.rpm mod_ssl-2.0.46-32.ent.3.i386.rpm ia64 httpd-2.0.46-32.ent.3.ia64.rpm httpd-devel-2.0.46-32.ent.3.ia64.rpm mod_ssl-2.0.46-32.ent.3.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 httpd-2.0.46-32.ent.3.x86_64.rpm httpd-devel-2.0.46-32.ent.3.x86_64.rpm mod_ssl-2.0.46-32.ent.3.x86_64.rpm SRPMS httpd-2.0.46-32.ent.3.src.rpm i386 httpd-2.0.46-32.ent.3.i386.rpm httpd-devel-2.0.46-32.ent.3.i386.rpm mod_ssl-2.0.46-32.ent.3.i386.rpm ia64 httpd-2.0.46-32.ent.3.ia64.rpm httpd-devel-2.0.46-32.ent.3.ia64.rpm mod_ssl-2.0.46-32.ent.3.ia64.rpm https://rhn.redhat.com/ Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.dsc http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.diff.gz http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz Componentes independientes de arquitectura http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.4_all.deb ARM http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_ia64.deb HP Precision http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_sparc.deb HP-UX B.11.04 Virtualvault A.04.70: instale los parches PHSS_30944 (actualización de Virtualvault 4.7 IWS) y PHSS_31058 (actualización de Virtualvault 4.7 OWS) Virtualvault A.04.60: instale los parches PHSS_30946 (actualización de Virtualvault 4.6 IWS) y PHSS_31057 (actualización de Virtualvault 4.6 OWS) Virtualvault A.04.50: instale los parches PHSS_30647 (actualización de Virtualvault 4.5 IWS) y PHSS_30648 (actualización de Virtualvault 4.5 OWS) Webproxy A.02.10: instale el parche PHSS_30950 (actualización de Webproxy server 2.1) Webproxy A.02.00: instale el parche PHSS_30949 (actualización de Webproxy server 2.0) http://software.hp.com Apple Mac OS X Server 10.2.8 http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_2_8_Server).html Mac OS X Server 10.3.4 http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_4_Server).html Mac OS X Server 10.3.5 http://www.apple.com/support/downloads//securityupdate_2004-09-07_(10_3_5_Server).html HP OpenVMS 7.2-2 CSWS 1.2 (Alpha) CSWS 1.2 Update 8 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html CSWS 1.3 (Alpha) CSWS 1.3 Update 6 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html CSWS 2.0 (Alpha) CSWS 2.0 Update 1 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html CSWS_PHP 1.2 (Alpha) CSWS_PHP 1.2 Update 1 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html
Standar resources
Property	Value
CVE	CAN-2004-0488
BID
Other resources
Secunia Advisory SA11534 http://secunia.com/advisories/11534/ Mandrakesoft Security Advisories MDKSA-2004:055 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:055 Mandrakesoft Security Advisories MDKSA-2004:054 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:054 OpenBSD Security Advisories http://www.openbsd.org/security.html Red Hat Security Advisory RHSA-2004:245-14 https://rhn.redhat.com/errata/RHSA-2004-245.html Red Hat Security Advisory RHSA-2004:342-10 https://rhn.redhat.com/errata/RHSA-2004-342.html Debian Security Advisory DSA 532-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00134.html Debian Security Advisory DSA 532-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00137.html HP Security Advisory HPSBUX01064 http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064 HP Security Advisory HPSBUX01068 http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01068 HP SECURITY BULLETIN HPSBOV01083 http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBOV01083 Apple Security Update 2004-09-07 http://docs.info.apple.com/article.html?artnum=61798

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-06-01
1.1	Avisos emitidos por Mandrake (MDKSA-2004:055 y MDKSA-2004:054)	2004-06-02
1.2	Aviso emitido por OpenBSD	2004-06-14
1.3	Aviso emitido por Red Hat (RHSA-2004:245-14)	2004-06-15
1.4	Publicado Apache 2.0.50	2004-07-02
1.5	Aviso emitido por Red Hat (RHSA-2004:342-10)	2004-07-06
1.6	Aviso emitido por Debian (DSA 532-1)	2004-07-23
1.7	Aviso actualizado por Debian (DSA 532-2)	2004-07-28
1.8	Avisos emitidos por HP (HPSBUX01064, HPSBUX01068)	2004-08-13
1.9	Aviso emitido por Apple (2004-09-07)	2004-09-08
1.10	Aviso emitido por HP (HPSBOV01083)	2004-10-14

Vulnerability Bulletins

Desbordamiento de búfer en el módulo mod_SSL para Apache

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history