Mod_SSL Off-By-One HTAccess Buffer Overflow Vulnerability

Solution:
Trustix has issued upgraded versions of Apache that include fixed versions of mod_ssl.

Debian strongly recommends upgrading to fixed versions of mod_ssl.

HP has released a patch for HP Secure OS Software for Linux.

SuSE has released an advisory with fixes to address this issue. See the attached advisory (SuSE-SA:2002:028) for further details.

Apple has included a fix in Security Update 2002-08-02 for MacOS X 10.1.5. Additionally, Apple has released Security Update 2002-08-23 to address Mac OS X 10.2 (Jaguar).

FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.

Sun has revised their advisory. This issue has been resolved in the following packages:

Sun Cobalt RaQ3(3000R) and RaQ3-All-Security-4.0.1-1-15787.pkg
Sun Cobalt ManageRaQ3(3000R-mr) and RaQ3-All-Security-4.0.1-1-15787.pkg
Sun Cobalt RaQ4(3001R) and RaQ4-All-Security-2.0.1-2-15787.pkg
Sun Cobalt RaQ XTR(3500R) and RaQXTR-All-Security-1.0.1-15787.pkg
Sun Cobalt Qube3(4000WG) and Qube3-All-Security-4.0.1-15787.pkg
Sun Cobalt RaQ 550 (4100R) and RaQ550-All-Security-0.0.1-15787.pkg

Engarde has released a security advisory (ESA-20020702-017) which contains fixes addressing this issue. Information on how to obtain and apply fixes can be found in the attached advisory.

Fixes have been made available:


Apple Mac OS X 10.1.5

Apple Mac OS X 10.2

mod_ssl mod_ssl 2.4.10

mod_ssl mod_ssl 2.8.4

mod_ssl mod_ssl 2.8.5

mod_ssl mod_ssl 2.8.6

mod_ssl mod_ssl 2.8.7

mod_ssl mod_ssl 2.8.8

mod_ssl mod_ssl 2.8.9


 

Privacy Statement
Copyright 2010, SecurityFocus