• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mod_SSL Wildcard DNS Cross Site Scripting Vulnerability

Solution:
Debian has released an advisory containing fixes.

Conectiva Linux has released a security advisory containing fixes. Further information can be obtained from the referenced advisory.

RedHat has released a security advisory (RHSA-2002:222-21) which contains fixes that address this issue. Further details can be obtained from the referenced advisory.

Fixes:


OpenPKG OpenPKG Current

• OpenPKG apache-1.3.27-20021023.src.rpm
  ftp://ftp.openpkg.org/current/SRC/apache-1.3.27-20021023.src.rpm

Sun Cobalt RaQ 550

• Sun RaQ550-All-Security-0.0.1-16343.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq550/all/RaQ550-All-Security- 0.0.1-16343.pkg

Sun Cobalt Qube 3

• Sun Qube3-All-Security-4.0.1-16343.pkg
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16343.pkg

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.1-16343.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16343.pkg

Sun Cobalt RaQ XTR

• Sun RaQ550-All-Security-0.0.1-16343.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq550/all/RaQ550-All-Security- 0.0.1-16343.pkg


• Sun RaQXTR-All-Security-1.0.1-16343.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16343.pkg

OpenPKG OpenPKG 1.0

• OpenPKG apache-1.3.22-1.0.6.src.rpm
  ftp://ftp.openpkg.org/release/1.0/UPD/apache-1.3.22-1.0.6.src.rpm

EnGarde Secure Linux 1.0.1

• EnGarde Secure Linux apache-1.3.27-1.0.33.i386.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/apache-1.3. 27-1.0.33.i386.rpm


• EnGarde Secure Linux apache-1.3.27-1.0.33.i686.rpm
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i686/apache-1.3. 27-1.0.33.i686.rpm

OpenPKG OpenPKG 1.1

• OpenPKG apache-1.3.26-1.1.2.src.rpm
  ftp://ftp.openpkg.org/release/1.1/UPD/apache-1.3.26-1.1.2.src.rpm

Apache Software Foundation Apache 1.3.22

• OpenPKG apache-1.3.22-1.0.6.src.rpm
  ftp://ftp.openpkg.org/release/1.0/UPD/apache-1.3.22-1.0.6.src.rpm


• RedHat apache-1.3.27-1.6.2.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/apache-1.3.27-1.6.2.alpha.rpm


• RedHat apache-1.3.27-1.6.2.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/apache-1.3.27-1.6.2.i386.rpm


• RedHat apache-1.3.27-1.6.2.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/apache-1.3.27-1.6.2.sparc.rpm


• RedHat apache-1.3.27-1.7.1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/apache-1.3.27-1.7.1.alpha.rpm


• RedHat apache-1.3.27-1.7.1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/apache-1.3.27-1.7.1.i386.rpm


• RedHat apache-1.3.27-1.7.1.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/apache-1.3.27-1.7.1.ia64.rpm


• RedHat apache-1.3.27-1.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/apache-1.3.27-1.7.2.i386.rpm


• RedHat apache-1.3.27-1.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/apache-1.3.27-1.7.2.ia64.rpm


• RedHat apache-1.3.27-2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/apache-1.3.27-2.i386.rpm


• RedHat apache-devel-1.3.27-1.6.2.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/apache-devel-1.3.27-1.6.2.alp ha.rpm


• RedHat apache-devel-1.3.27-1.6.2.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/apache-devel-1.3.27-1.6.2.i386 .rpm


• RedHat apache-devel-1.3.27-1.6.2.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/apache-devel-1.3.27-1.6.2.spa rc.rpm


• RedHat apache-devel-1.3.27-1.7.1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/apache-devel-1.3.27-1.7.1.alp ha.rpm


• RedHat apache-devel-1.3.27-1.7.1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/apache-devel-1.3.27-1.7.1.i386 .rpm


• RedHat apache-devel-1.3.27-1.7.1.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/apache-devel-1.3.27-1.7.1.ia64 .rpm


• RedHat apache-devel-1.3.27-1.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/apache-devel-1.3.27-1.7.2.i386 .rpm


• RedHat apache-devel-1.3.27-1.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/apache-devel-1.3.27-1.7.2.ia64 .rpm


• RedHat apache-devel-1.3.27-2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/apache-devel-1.3.27-2.i386.rpm


• RedHat apache-manual-1.3.27-1.6.2.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/apache-manual-1.3.27-1.6.2.al pha.rpm


• RedHat apache-manual-1.3.27-1.6.2.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/apache-manual-1.3.27-1.6.2.i38 6.rpm


• RedHat apache-manual-1.3.27-1.6.2.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/apache-manual-1.3.27-1.6.2.sp arc.rpm


• RedHat apache-manual-1.3.27-1.7.1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/apache-manual-1.3.27-1.7.1.al pha.rpm


• RedHat apache-manual-1.3.27-1.7.1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/apache-manual-1.3.27-1.7.1.i38 6.rpm


• RedHat apache-manual-1.3.27-1.7.1.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/apache-manual-1.3.27-1.7.1.ia6 4.rpm


• RedHat apache-manual-1.3.27-1.7.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/apache-manual-1.3.27-1.7.2.i38 6.rpm


• RedHat apache-manual-1.3.27-1.7.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/apache-manual-1.3.27-1.7.2.ia6 4.rpm


• RedHat apache-manual-1.3.27-2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/apache-manual-1.3.27-2.i386.rp m


• RedHat mod_ssl-2.0.40-11.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.i386.rpm


• RedHat mod_ssl-2.8.12-1.7.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/mod_ssl-2.8.12-1.7.alpha.rpm


• RedHat mod_ssl-2.8.12-1.7.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/mod_ssl-2.8.12-1.7.alpha.rpm


• RedHat mod_ssl-2.8.12-1.7.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/mod_ssl-2.8.12-1.7.i386.rpm


• RedHat mod_ssl-2.8.12-1.7.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mod_ssl-2.8.12-1.7.i386.rpm


• RedHat mod_ssl-2.8.12-1.7.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/mod_ssl-2.8.12-1.7.ia64.rpm


• RedHat mod_ssl-2.8.12-2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mod_ssl-2.8.12-2.i386.rpm


• RedHat mod_ssl-2.8.12-2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mod_ssl-2.8.12-2.ia64.rpm

Apache Software Foundation Apache 1.3.23

• RedHat mod_ssl-2.8.12-2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mod_ssl-2.8.12-2.i386.rpm

Apache Software Foundation Apache 2.0.40

• RedHat mod_ssl-2.0.40-11.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.i386.rpm

Conectiva Linux 6.0

• Conectiva apache-1.3.26-1U60_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-1.3.26-1U60_5cl.i3 86.rpm


• Conectiva apache-1.3.26-1U60_5cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/apache-1.3.26-1U60_5cl.s rc.rpm


• Conectiva apache-devel-1.3.26-1U60_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-devel-1.3.26-1U60_ 5cl.i386.rpm


• Conectiva apache-doc-1.3.26-1U60_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-doc-1.3.26-1U60_5c l.i386.rpm

Conectiva Linux 7.0

• Conectiva apache-1.3.26-1U70_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.26-1U70_8cl.i3 86.rpm


• Conectiva apache-1.3.26-1U70_8cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.26-1U70_8cl.s rc.rpm


• Conectiva apache-devel-1.3.26-1U70_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.26-1U70_ 8cl.i386.rpm


• Conectiva apache-doc-1.3.26-1U70_8cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.26-1U70_8c l.i386.rpm

MandrakeSoft Single Network Firewall 7.2

• MandrakeSoft mod_ssl-2.8.4-5.2mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/snf7.2/RPMS/mod_ssl-2. 8.4-5.2mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.4-5.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/snf7.2/SRPMS/mod_ssl-2 .8.4-5.2mdk.src.rpm

MandrakeSoft Linux Mandrake 7.2

• MandrakeSoft mod_ssl-2.8.5-3.2mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/7.2/RPMS/mod_ssl-2.8.5 -3.2mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.5-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/7.2/SRPMS/mod_ssl-2.8. 5-3.2mdk.src.rpm

Conectiva Linux 8.0

• Conectiva apache-1.3.26-1U80_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-1.3.26-1U80_5cl.i386 .rpm


• Conectiva apache-1.3.26-1U80_5cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/apache-1.3.26-1U80_5cl.src .rpm


• Conectiva apache-devel-1.3.26-1U80_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-devel-1.3.26-1U80_5c l.i386.rpm


• Conectiva apache-doc-1.3.26-1U80_5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/apache-doc-1.3.26-1U80_5cl. i386.rpm

MandrakeSoft Linux Mandrake 8.0 ppc

• MandrakeSoft mod_ssl-2.8.5-3.2mdk.ppc.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/8.0/RPMS/mod_ssl-2 .8.5-3.2mdk.ppc.rpm


• MandrakeSoft mod_ssl-2.8.5-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/8.0/SRPMS/mod_ssl- 2.8.5-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 8.0

• MandrakeSoft mod_ssl-2.8.5-3.2mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.0/RPMS/mod_ssl-2.8.5 -3.2mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.5-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.0/SRPMS/mod_ssl-2.8. 5-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 8.1 ia64

• MandrakeSoft mod_ssl-2.8.5-3.2mdk.ia64.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ia64/8.1/RPMS/mod_ssl- 2.8.5-3.2mdk.ia64.rpm


• MandrakeSoft mod_ssl-2.8.5-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ia64/8.1/SRPMS/mod_ssl -2.8.5-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 8.1

• MandrakeSoft mod_ssl-2.8.5-3.2mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.1/RPMS/mod_ssl-2.8.5 -3.2mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.5-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.1/SRPMS/mod_ssl-2.8. 5-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 8.2 ppc

• MandrakeSoft mod_ssl-2.8.7-3.2mdk.ppc.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/8.2/RPMS/mod_ssl-2 .8.7-3.2mdk.ppc.rpm


• MandrakeSoft mod_ssl-2.8.7-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/ppc/8.2/SRPMS/mod_ssl- 2.8.7-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 8.2

• MandrakeSoft mod_ssl-2.8.7-3.2mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.2/RPMS/mod_ssl-2.8.7 -3.2mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.7-3.2mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/8.2/SRPMS/mod_ssl-2.8. 7-3.2mdk.src.rpm

MandrakeSoft Linux Mandrake 9.0

• MandrakeSoft mod_ssl-2.8.10-5.1mdk.i586.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.0/RPMS/mod_ssl-2.8.1 0-5.1mdk.i586.rpm


• MandrakeSoft mod_ssl-2.8.10-5.1mdk.src.rpm
  ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.0/SRPMS/mod_ssl-2.8. 10-5.1mdk.src.rpm