Signature Detail
Short Name |
SSL:APACHE-MOD-SSL |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSL |
Keywords |
Apache mod_ssl ssl_util_uuencode_binary Buffer Overflow |
Release Date |
2013/09/30 |
Update Number |
2303 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: Apache mod_ssl ssl_util_uuencode_binary Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Apache mod_ssl module. A successful attack can result in a denial-of-service condition on overflowing the buffer.
Extended Description
A stack-based buffer overflow has been reported in the Apache 'mod_ssl' module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow arbitrary code to run. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, but this may not be the case with other architectures.
Affected Products
- Apache Software Foundation Apache 1.3.0
- Apache Software Foundation Apache 1.3.1
- Apache Software Foundation Apache 1.3.11
- Apache Software Foundation Apache 1.3.12
- Apache Software Foundation Apache 1.3.14
- Apache Software Foundation Apache 1.3.17
- Apache Software Foundation Apache 1.3.18
- Apache Software Foundation Apache 1.3.19
- Apache Software Foundation Apache 1.3.20
- Apache Software Foundation Apache 1.3.22
- Apache Software Foundation Apache 1.3.23
- Apache Software Foundation Apache 1.3.24
- Apache Software Foundation Apache 1.3.25
- Apache Software Foundation Apache 1.3.26
- Apache Software Foundation Apache 1.3.27
- Apache Software Foundation Apache 1.3.28
- Apache Software Foundation Apache 1.3.29
- Apache Software Foundation Apache 1.3.3
- Apache Software Foundation Apache 1.3.31
- Apache Software Foundation Apache 1.3.4
- Apache Software Foundation Apache 1.3.6
- Apache Software Foundation Apache 1.3.7 -Dev
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache 2.0.0
- Apache Software Foundation Apache 2.0.0 A9
- Apache Software Foundation Apache 2.0.28
- Apache Software Foundation Apache 2.0.28 Beta
- Apache Software Foundation Apache 2.0.32
- Apache Software Foundation Apache 2.0.35
- Apache Software Foundation Apache 2.0.36
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.43
- Apache Software Foundation Apache 2.0.44
- Apache Software Foundation Apache 2.0.45
- Apache Software Foundation Apache 2.0.46
- Apache Software Foundation Apache 2.0.47
- Apache Software Foundation Apache 2.0.48
- Apache Software Foundation Apache 2.0.49
- Apple Mac OS X 10.2.8
- Apple Mac OS X 10.3.4
- Apple Mac OS X 10.3.5
- Apple Mac OS X Server 10.2.8
- Apple Mac OS X Server 10.3.4
- Apple Mac OS X Server 10.3.5
- Debian Linux 3.0.0
- Debian Linux 3.0.0 Alpha
- Debian Linux 3.0.0 Arm
- Debian Linux 3.0.0 Hppa
- Debian Linux 3.0.0 Ia-32
- Debian Linux 3.0.0 Ia-64
- Debian Linux 3.0.0 M68k
- Debian Linux 3.0.0 Mips
- Debian Linux 3.0.0 Mipsel
- Debian Linux 3.0.0 Ppc
- Debian Linux 3.0.0 S/390
- Debian Linux 3.0.0 Sparc
- Gentoo Linux 1.4.0
- HP Compaq Secure Web Server for OpenVMS 1.2.0
- HP Compaq Secure Web Server for OpenVMS 1.3.0
- HP Compaq Secure Web Server for OpenVMS 2.0.0
- HP Compaq Secure Web Server for OpenVMS 2.0.0 PHP
- HP HP-UX B.11.00
- HP HP-UX B.11.11
- HP HP-UX B.11.22
- HP HP-UX B.11.23
- HP OpenVMS Secure Web Server 7.2.0 -2
- HP OpenVMS Secure Web Server 7.3.0
- HP OpenVMS Secure Web Server 7.3.0 -1
- HP OpenVMS Secure Web Server 7.3.0 -2
- HP VirtualVault A.04.50
- HP VirtualVault A.04.60
- HP VirtualVault A.04.70
- HP Webproxy A.02.00
- HP Webproxy A.02.10
- Mandriva Corporate Server 2.1.0
- Mandriva Corporate Server 2.1.0 X86 64
- Mandriva Linux Mandrake 10.0.0
- Mandriva Linux Mandrake 10.0.0 amd64
- Mandriva Linux Mandrake 9.1.0
- Mandriva Linux Mandrake 9.1.0 Ppc
- Mandriva Linux Mandrake 9.2.0
- Mandriva Linux Mandrake 9.2.0 amd64
- Mandriva Multi Network Firewall 2.0.0
- mod_ssl 2.8.10
- mod_ssl 2.8.12
- mod_ssl 2.8.15
- mod_ssl 2.8.16
- mod_ssl 2.8.7
- mod_ssl 2.8.9
- OpenBSD 3.4
- OpenBSD 3.5
- OpenBSD -Current
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Network Proxy (for RHEL 3) 4.2
- Red Hat Network Proxy (for RHEL 4) 4.2
- Red Hat Stronghold 4.0.0
- SGI ProPack 2.4.0
- tinysofa enterprise server 1.0.0
- tinysofa enterprise server 1.0.0 -U1
- Trustix Secure Enterprise Linux 2.0.0
- Trustix Secure Linux 1.5.0
- Trustix Secure Linux 2.0.0
- Trustix Secure Linux 2.1.0
- Turbolinux Home
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 10.0.0
References
- BugTraq: 10355
- CVE: CVE-2004-0488