Author: JT Smith
Posted on LinuxSecurity.com: “When session caching is enabled, mod_ssl will serialize SSL session
variables to store them for later use. Unpatched versions of mod_ssl prior
to version 2.8.7 using the ‘shm’ or ‘dbm’ session caches would do so using
a buffer with a fixed size, making it vulnerable to overflow.
variables to store them for later use. Unpatched versions of mod_ssl prior
to version 2.8.7 using the ‘shm’ or ‘dbm’ session caches would do so using
a buffer with a fixed size, making it vulnerable to overflow.
To exploit the overflow, the server must be configured to require client
certificates, and an attacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it is possible for
an attacker to execute arbitrary code on the server.”
Category:
- Security
