RedHat: secureweb mod_ssl buffer overflow


Author: JT Smith

Posted on “When session caching is enabled, mod_ssl will serialize SSL session
variables to store them for later use. Unpatched versions of mod_ssl prior
to version 2.8.7 using the ‘shm’ or ‘dbm’ session caches would do so using
a buffer with a fixed size, making it vulnerable to overflow.

To exploit the overflow, the server must be configured to require client
certificates, and an attacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it is possible for
an attacker to execute arbitrary code on the server.”


  • Security