Apache HTTP Server mod_ssl ssl_log Function Format String

2004-07-16T00:00:00
ID OSVDB:7929
Type osvdb
Reporter virulent(virulent@siyahsapka.org)
Modified 2004-07-16T00:00:00

Description

Vulnerability Description

The mod_ssl ssl_log function in Apache contains a flaw that may allow an attacker to execute arbitrary messages. The issue is triggered due to a ssl_log() format string error within the 'mod_proxy' hook functions. It is possible that the flaw may allow an attacker to execute arbitrary messages via format string specifiers in certain log messages for HTTPS resulting in a loss of integrity.

Solution Description

Upgrade to version 2.8.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The mod_ssl ssl_log function in Apache contains a flaw that may allow an attacker to execute arbitrary messages. The issue is triggered due to a ssl_log() format string error within the 'mod_proxy' hook functions. It is possible that the flaw may allow an attacker to execute arbitrary messages via format string specifiers in certain log messages for HTTPS resulting in a loss of integrity.

References:

Vendor URL: http://www.modssl.org Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:16714 Secunia Advisory ID:12142 Secunia Advisory ID:12138 Secunia Advisory ID:12172 Secunia Advisory ID:12745 Secunia Advisory ID:12077 Secunia Advisory ID:12243 RedHat RHSA: RHSA-2004:408-05 Packet Storm: http://packetstormsecurity.org/0407-advisories/modsslFormat.txt Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000857 Other Advisory URL: http://www.ubuntulinux.org/usn/usn-177-1 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200407-18.xml Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00134.html Nessus Plugin ID:14173 Nessus Plugin ID:13651 Nessus Plugin ID:15509 ISS X-Force ID: 16705 CVE-2004-0700 CERT VU: 303448 Bugtraq ID: 10736