• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache 'mod_ssl' Log Function Format String Vulnerability

Solution:
Fixes are available. Please see the references for more information.


VMWare ESX Server 2.0.1

• VMWare esx-2.0.1-11429-upgrade.tar.gz
  http://vmware-svca.www.conxion.com/secured/esx/esx-2.0.1-11429-upgrade .tar.gz

VMWare ESX Server 2.1

• VMWare esx-2.1.2-10921-upgrade.tar.gz
  http://vmware-svca.www.conxion.com/secured/esx/esx-2.1.2-10921-upgrade .tar.gz

VMWare ESX Server 2.1.2

• VMWare esx-2.1.2-10921-upgrade.tar.gz
  http://vmware-svca.www.conxion.com/secured/esx/esx-2.1.2-10921-upgrade .tar.gz

mod_ssl mod_ssl 2.3.11

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4 .10

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.10

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.2

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.3

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.5

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.6

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.7

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.8

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.4.9

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.5 .0

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.5.1

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6 .0

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6.1

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6.2

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6.3

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6.5

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.6.6

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.7 .0

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.7.1

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.1

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.1 -2

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.10

• Mandrake mod_ssl-2.8.10-5.4.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_ssl-2.8.10-5.4.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.12

• Mandrake mod_ssl-2.8.12-8.2.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_ssl-2.8.12-8.2.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz


• RedHat mod_ssl-2.8.12-6.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/mod_ssl-2.8.1 2-6.legacy.i386.rpm


• Slackware mod_ssl-2.8.19_1.3.31-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/m od_ssl-2.8.19_1.3.31-i386-1.tgz

mod_ssl mod_ssl 2.8.15

• Mandrake mod_ssl-2.8.15-1.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_ssl-2.8.15-1.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz


• Slackware mod_ssl-2.8.19_1.3.31-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/m od_ssl-2.8.19_1.3.31-i486-1.tgz

mod_ssl mod_ssl 2.8.16

• Mandrake mod_ssl-2.8.16-1.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mod_ssl-2.8.16-1.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.17

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.2

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.3

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.4

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.5 -2

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.6

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.7

• Mandrake mod_ssl-2.8.7-3.4.M82mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2
  http://www.mandrakesecure.net/en/ftp.php


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.8

• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz

mod_ssl mod_ssl 2.8.9

• Debian libapache-mod-ssl-doc_2.8.9-2.3_all.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl-doc_2.8.9-2.3_all.deb


• Debian libapache-mod-ssl_2.8.9-2.3_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_arm.deb


• Debian libapache-mod-ssl_2.8.9-2.3_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_hppa.deb


• Debian libapache-mod-ssl_2.8.9-2.3_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_i386.deb


• Debian libapache-mod-ssl_2.8.9-2.3_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_ia64.deb


• Debian libapache-mod-ssl_2.8.9-2.3_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_m68k.deb


• Debian libapache-mod-ssl_2.8.9-2.3_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_mips.deb


• Debian libapache-mod-ssl_2.8.9-2.3_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_mipsel.deb


• Debian libapache-mod-ssl_2.8.9-2.3_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_powerpc.deb


• Debian libapache-mod-ssl_2.8.9-2.3_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_s390.deb


• Debian libapache-mod-ssl_2.8.9-2.3_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2. 8.9-2.3_sparc.deb


• Debian libapache-mod-ssl_2.8.9-2.4_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_arm.deb


• Debian libapache-mod-ssl_2.8.9-2.4_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_hppa.deb


• Debian libapache-mod-ssl_2.8.9-2.4_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_i386.deb


• Debian libapache-mod-ssl_2.8.9-2.4_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_ia64.deb


• Debian libapache-mod-ssl_2.8.9-2.4_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_m68k.deb


• Debian libapache-mod-ssl_2.8.9-2.4_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_mips.deb


• Debian libapache-mod-ssl_2.8.9-2.4_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_mipsel.deb


• Debian libapache-mod-ssl_2.8.9-2.4_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_powerpc.deb


• Debian libapache-mod-ssl_2.8.9-2.4_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_s390.deb


• Debian libapache-mod-ssl_2.8.9-2.4_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/li bapache-mod-ssl_2.8.9-2.4_sparc.deb


• mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
  http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz


• Slackware mod_ssl-2.8.19_1.3.31-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/m od_ssl-2.8.19_1.3.31-i386-1.tgz