SecurityTracker.com
Category:   Application (Security)  >   Mod_ssl
Vendors:   Modssl.org
(Red Hat Issues Fix) Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
SecurityTracker Alert ID:  1015449
SecurityTracker URL:  http://securitytracker.com/id/1015449
CVE Reference:   CVE-2005-3357
Date:  Jan 6 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Apache mod_ssl. A remote user can cause the server to crash in certain cases.

When an SSL virtual host is configured with access control and a custom 400 error document, a remote user can send a specially crafted request to trigger a null pointer dereference. This may cause the server to crash when using the non-default worker Multi-Processing Module.

The original bug report is available at:

http://issues.apache.org/bugzilla/show_bug.cgi?id=37791

Hartmut Keil reported this vulnerability.
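
To check whether a server matches the preconditions in the description above, the following added example (not part of the advisory or of Apache) scans httpd configuration text for SSL virtual hosts that combine access control with a custom 400 error document. The directive list used for "access control", the function name `audit_vhosts`, and the sample configuration are assumptions of this example; `Include` files are not followed.

```python
import re

# Assumed meaning of the advisory's "access control" (it names no directives).
ACCESS_DIRECTIVES = {"order", "allow", "deny", "require", "satisfy", "sslrequire"}

def audit_vhosts(conf_text, mpm="worker"):
    """Flag SSL vhosts that combine access control with a custom 400 document."""
    vhosts, current, global_err400 = [], None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"name": opened.group(1).strip(), "ssl": False,
                       "err400": False, "access": set()}
            vhosts.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        else:
            parts = line.split()
            name, arg = parts[0].lower(), (parts[1].lower() if len(parts) > 1 else "")
            if name == "errordocument" and arg == "400":
                if current is None:
                    global_err400 = True   # server-wide setting, inherited by vhosts
                else:
                    current["err400"] = True
            elif current is not None and name == "sslengine" and arg == "on":
                current["ssl"] = True
            elif current is not None and name in ACCESS_DIRECTIVES:
                current["access"].add(name)
    return [{"vhost": v["name"], "access": sorted(v["access"]),
             "crash_risk": mpm == "worker"}   # advisory: crash reported under worker MPM
            for v in vhosts
            if v["ssl"] and v["access"] and (v["err400"] or global_err400)]

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """
<VirtualHost _default_:443>
    SSLEngine on
    ErrorDocument 400 /errors/bad_request.html
    Order deny,allow
    Deny from all
</VirtualHost>
<VirtualHost *:80>
    ErrorDocument 400 /errors/bad_request.html
    Require valid-user
</VirtualHost>
"""
```

Pass the MPM actually in use as `mpm`; a flagged virtual host on an unpatched build still matches the advisory's configuration even when `crash_risk` is false.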

Impact:   A remote user can cause denial of service conditions on the target system.
Solution:   Red Hat has released a fix.

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-56.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-56.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-56.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-56.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-22.ent.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-22.ent.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-22.ent.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-22.ent.src.rpm

The vendor's advisory is available at:

http://rhn.redhat.com/errata/RHSA-2006-0159.html

Vendor URL:  www.modssl.org/
Cause:   Boundary error, State error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  3, 4

Message History:   This archive entry is a follow-up to the message listed below.
Jan 6 2006 Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
