exploits , vulnerabilities , articles , Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability

Title	Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
Published	2005-07-12-12:00AM
Updated	2005-11-16-06:31PM
Class	Boundary Condition Error
CVE	CAN-2005-1268
Remote	Yes
Local	No
Credit	Discovery is credited to Marc Stern.
Vulnerable	Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 SP6 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. OpenEnterpriseServer 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 RedHat Fedora Core4 RedHat Fedora Core3 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 10.2 x86_64 MandrakeSoft Linux Mandrake 10.2 MandrakeSoft Linux Mandrake 10.1 x86_64 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0 IBM Hardware Management Console (HMC) for pSeries 3.3.2 IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0 IBM Hardware Management Console (HMC) for iSeries 3.3.2 HP HPUX 11.23 HP HPUX 11.11 HP HPUX 11.0 HP HPUX B.11.23 HP HPUX B.11.11 HP HPUX B.11.11 HP HPUX B.11.00 Conectiva Linux 10.0 Conectiva Linux 9.0 Apache Software Foundation Apache 2.0.54 Debian Linux 3.1 Debian Linux 3.1 alpha Debian Linux 3.1 amd64 Debian Linux 3.1 arm Debian Linux 3.1 hppa Debian Linux 3.1 ia32 Debian Linux 3.1 ia64 Debian Linux 3.1 m68k Debian Linux 3.1 mips Debian Linux 3.1 mipsel Debian Linux 3.1 ppc Debian Linux 3.1 s/390 Debian Linux 3.1 sparc Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 Apple Mac OS X 10.2.8 Apple Mac OS X 10.3.6 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.3.6 RedHat Desktop 4.0 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux WS 4 Sun Solaris 10.0 Apache Software Foundation Apache 2.0.50 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.1 x86_64 Apache Software Foundation Apache 2.0.46 RedHat Desktop 3.0 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux WS 3 Trustix Secure Linux 2.0
Not Vulnerable	Apache Software Foundation Apache 2.0.55
Code	Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: content@securitydot.net <mailto:content@securitydot.net>.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
• 2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
• 2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities
• 2009-12-14 MySQL Multiple Remote Denial Of Service Vulnerabilities
• 2009-12-14 Digital Scribe Multiple SQL Injection Vulnerabilities
• 2009-12-14 Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability
• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
• 2009-12-14 WebKit Web Inspector Cross Site Scripting Vulnerability
• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 02:36:55 +0000