SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware Vendors:   VMware
(VMware Issues Fix) mod_ssl Format String Error in 'ssl_engine_ext' May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012918
SecurityTracker URL:  http://securitytracker.com/id/1012918
CVE Reference:   CVE-2004-0700   (Links to External Site)
Date:  Jan 18 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A format string vulnerability was reported in mod_ssl. In certain cases where Apache mod_proxy is also used, a remote user may be able to cause arbitrary code to be executed on the target user's system. VMware is affected.

Ralf S. Engelschall reported that if Apache is used as a proxy and an HTTPS URL such as 'https://foo%s.example.com/' is supplied and a hostname 'foo%s' exists in the 'example.com' zone, the flaw can reportedly be triggered.

The flaw reportedly resides in an error message call in 'ssl_engine_ext.c'.

The report credits Virulent <virulent@siyahsapka.org> with reporting a similar bug (that was reportedly not exploitable) and triggering a review of the code.

Impact:   A remote user may be able to cause arbitrary code to be executed on the target system in certain cases.
Solution:   VMware has issued a fix for the VMware ESX Server.

VMware ESX Server 2.1.2 Security Update:

http://www.vmware.com/download/esx/esx212-10921update.html


VMware ESX Server 2.0.1 Patch 1 Security Update:

http://www.vmware.com/download/esx/esx201-11429update.html

VMware ESX Server 1.5.2 Patch 6 Security Update:

http://www.vmware.com/download/esx/esx152-10816update.html

Cause:   Input validation error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jul 16 2004 mod_ssl Format String Error in 'ssl_engine_ext' May Let Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC