Debian Security Advisory

DSA-120-1 mod_ssl -- buffer overflow

Date Reported:
10 Mar 2002
Affected Packages:
libapache-mod-ssl, apache-ssl
Security database references:
In Mitre's CVE dictionary: CVE-2002-0082.
More information:

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl. With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks.

To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server.

This problem has been fixed in version of Apache-SSL and version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable Debian distribution as well as in version of Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing and unstable distribution of Debian.

We recommend that you upgrade your Apache-SSL and mod_ssl packages.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Architecture-independent component:
Intel ia32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.