Conectiva Local Security Checks : Conectiva Security Advisory CLA-2002:465

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51502

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2002:465

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2002:465.

mod_ssl[1] is an Apache module which enables the use of encrypted
connections (https://) to the web server and other crypto-related
functions.

Ed Moyle announced[2] a buffer overflow
vulnerability[3] in the mod_ssl module. This module is not part of
the apache distribution, but is bundled and enabled by default in the
Conectiva Linux Apache packages.

A remote attacker could exploit this vulnerability and execute
arbitrary commands on the server running apache with this module
enabled. A probable way to explore this is via client certificate
authentication, where the attacker would use a specially crafted
certificate to overflow this buffer. Since this vulnerability happens
only after the client certificate has been checked, this means that
it would have to be signed by a CA accepted by the apache server.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:465
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : High

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51502
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2002:465
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2002:465. mod_ssl[1] is an Apache module which enables the use of encrypted connections (https://) to the web server and other crypto-related functions. Ed Moyle announced[2] a buffer overflow vulnerability[3] in the mod_ssl module. This module is not part of the apache distribution, but is bundled and enabled by default in the Conectiva Linux Apache packages. A remote attacker could exploit this vulnerability and execute arbitrary commands on the server running apache with this module enabled. A probable way to explore this is via client certificate authentication, where the attacker would use a specially crafted certificate to overflow this buffer. Since this vulnerability happens only after the client certificate has been checked, this means that it would have to be signed by a CA accepted by the apache server. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:465 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com