VID 22021
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description: The version of mod_ssl on the web server is vulnerable to an off-by-one buffer overflow, which may allow a local user with write access to .htaccess files to execute arbitrary code on the system with the permissions of the web server.
Mod_SSL provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, with the help of the Open Source SSL/TLS toolkit OpenSSL.
An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Although this capability is not enabled by default in the web server, it is popular because it allows non-privileged users to create web access control schemes for hosted sites; it is enabled through the "AllowOverride" configuration directive in Apache. A .htaccess file with 10000 or more bytes set into the variable DATE_LOCALE will result in a buffer overflow within the web server process handling the request.

Affected Platforms:
* mod_ssl version 2.8.9 and earlier

References:
http://www.iss.net/security_center/static/9415.php
Recommendation: As a temporary workaround, disallow per-directory configuration files by having only "AllowOverride None" directives in your httpd.conf file, and restart the web server.
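
One way to audit a configuration for the workaround above, as an added example that is not part of the original advisory: the script lists every AllowOverride directive in an httpd.conf whose value is not None. The sample configuration and the name find_overrides are constructed for illustration; the script assumes a single file with no Include directives or line continuations.

```python
import re

# Constructed sample httpd.conf for illustration (not taken from the advisory).
SAMPLE_CONF = """\
ServerRoot "/usr/local/apache"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/home/*/public_html">
    AllowOverride AuthConfig Limit
</Directory>
<Directory "/usr/local/apache/htdocs">
    # AllowOverride All
    allowoverride none
</Directory>
"""

OPEN = re.compile(r"<\s*Directory(?:Match)?\s+(.+?)\s*>$", re.I)
CLOSE = re.compile(r"</\s*Directory(?:Match)?\s*>$", re.I)
ALLOW = re.compile(r"AllowOverride\s+(.+)$", re.I)

def find_overrides(conf_text):
    """Return (line_no, section, value) for each AllowOverride that is not 'None'."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or whole-line comment
            continue
        m = OPEN.match(line)
        if m:                                   # entering a <Directory> section
            stack.append(m.group(1).strip('"'))
            continue
        if CLOSE.match(line):                   # leaving the innermost section
            if stack:
                stack.pop()
            continue
        m = ALLOW.match(line)                   # directive names are case-insensitive
        if m and m.group(1).strip().lower() != "none":
            section = stack[-1] if stack else "(outside <Directory>)"
            findings.append((no, section, m.group(1).strip()))
    return findings

if __name__ == "__main__":
    for no, section, value in find_overrides(SAMPLE_CONF):
        print(f"line {no}: <Directory {section}> AllowOverride {value}")
```

An empty result means every explicit AllowOverride directive in the file is already set to None.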

Fixes have been made available. Upgrade to version 2.8.10 or newer available from:
http://www.modssl.org/
Related URL CVE-2002-0653 (CVE)
Related URL 5084 (SecurityFocus)
Related URL (ISS)