• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache mod_ssl Remote Denial of Service Vulnerability

Solution:
Turbolinux has released advisory TLSA-2005-01-13 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

HP has released an advisory (HPSBGN01091) and an update to fix this vulnerability and other vulnerabilities in Secure Web Server for Tru64 UNIX; the Secure Web Server product is based on Apache.

SuSE has released advisory SUSE-SA:2004:030 and fixes that eliminate this vulnerability. Please see the referenced advisory.

RedHat has released advisory RHSA-2004:463-09 along with fixes to address these issues for RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Mandrake Linux has released an advisory (MDKSA-2004:096) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has released an advisory (TSLSA-2004-0047) along with fixes dealing with this, and other issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200409-21 to address this, and other issues. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-www/apache-2.0.51"
emerge ">=net-www/apache-2.0.51"
emerge -pv ">=net-www/mod_dav-1.0.3-r2"
emerge ">=net-www/mod_dav-1.0.3-r2"

Conectiva Linux has released advisory CLA-2004:868 along with fixes to address this, and other issues. Please see the referenced advisory for further information.

Red Hat Fedora has released an advisory (FEDORA-2004-313) along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Apache has released version 2.0.51, as well as a patch for previous versions:

HP has released an advisory (HPSBUX01090) to address various issues affecting HP-UX running Apache and PHP. Please see the referenced advisory for more information.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. Please see the referenced advisory for more information.


Apache Software Foundation Apache 2.0.47

• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz


• Apple SecUpd2004-12-02Jag.dmg
  For Mac OS X v10.2.8:
  http://www.apple.com/support/downloads/SecUpd2004-12-02Jag.dmg


• Apple SecUpd2004-12-02Pan.dmg
  For Mac OS X v10.3.6:
  http://www.apple.com/support/downloads/SecUpd2004-12-02Pan.dmg


• Apple SecUpdSrvr2004-12-02Jag.dmg
  For Mac OS X Server v10.2.8:
  http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Jag.dmg


• Apple SecUpdSrvr2004-12-02Pan.dmg
  For Mac OS X Server v10.3.6:
  http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Pan.dmg


• Mandrake apache2-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-common-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-devel-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-manual-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_cache-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_cache-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_dav-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_deflate-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_deflate-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_disk_cache-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_disk_cache-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_file_cache-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_file_cache-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ldap-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_mem_cache-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_mem_cache-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_proxy-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_proxy-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-mod_ssl-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-modules-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake apache2-source-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64apr0-2.0.47-6.9.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libapr0-2.0.47-6.9.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

Apache Software Foundation Apache 2.0.50

• Apache Software Foundation ssl_engine_io.c patch
  http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io. c?r1=1.125&r2=1.126


• Apache Software Foundation httpd-2.0.51.tar.gz
  http://www.apache.org/dist/httpd/httpd-2.0.51.tar.gz

HP Tru64 UNIX Compaq Secure Web Server 4.0 F

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 4.0 G

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.0 A

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.1

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.1 A

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.8.1

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.8.2

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.9.1

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 5.9.2

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm

HP Tru64 UNIX Compaq Secure Web Server 6.3

• HP Secure Web Server 6.3.2a for Tru64 UNIX
  http://h30097.www3.hp.com/internet/download.htm