54 matches found
Apache-SSL optional client certificate vulnerability
From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 (client certificates optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...
DSA-188 apache-ssl - several vulnerabilities
Bulletin has no description...
CVE-2002-1233
CVE-2002-1233 applies to Debian’s apache-ssl packages, where a regression in Apache 1.3.27 and earlier (Debian 2.2 before 1.3.9, Debian 3.0 before 1.3.26) allows local attackers to read or modify the Apache password file via a symlink attack when running htpasswd or htdigest. The issue reintroduc...
CVE-2002-0082
CVE-2002-0082 affects mod_ssl and Apache-SSL where memory is not properly initialized during SSL_SESSION serialization (i2d_SSL_SESSION), enabling a remote attacker to trigger a buffer overflow with a large client certificate signed by a trusted CA. This can lead to arbitrary code execution on vu...
CVE-2002-0082
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...
[SECURITY] [DSA-132-1] apache-ssl chunk handling vulnerability
Package : apache-ssl Problem type : remote DoS / exploit Debian-specific: no CVE name : CAN-2002-0392 CERT advisory : VU944335 Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for...
Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow
The remote host is using a version of Apache-SSL that is older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, albeit difficult to exploit, may allow an attacker to execute arbitrary commands on this host subject to the privileges under which the web server operates. C...
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow
Debian Security Advisory DSA 120-1 [email protected] http://www.debian.org/security/ Martin Schulze March 10th, 2002 Package :...
CVE-2000-0791
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse...
CVE-2000-0791
CVE-2000-0791 describes a Trustix vulnerability where the httpsd binary (Apache-SSL) is installed with world-writeable permissions, enabling local users to replace it with a Trojan horse. The root cause is improper permissions on the httpsd executable, allowing local write access and substitution...
Trustix security advisory - apache-ssl
Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...
Linux news 18.04.00
Linux Kernel 2.2.15pre19 The latest pre-release, the nineteenth so far, of the new stable Linux Kernel 2.2.15 has been released. Details: http://kernelnotes.org/lnxlists/linux-kernel/lk000403/msg00193.html QPopper 3.0 A new version of the POP3 server for Unix has been released. It adds support for PAM, RFC 2449,...