Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-120.NASL
HistorySep 29, 2004 - 12:00 a.m.

Debian DSA-120-1 : mod_ssl - buffer overflow

2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
17

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.476

Percentile

97.5%

JSON

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl.
With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks.

To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-120. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14957);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2002-0082");
  script_xref(name:"DSA", value:"120");

  script_name(english:"Debian DSA-120-1 : mod_ssl - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl.
With session caching enabled, mod_ssl will serialize SSL session
variables to store them for later use. These variables were stored in
a buffer of a fixed size without proper boundary checks.

To exploit the overflow, the server must be configured to require
client certificates, and an attacker must obtain a carefully crafted
client certificate that has been signed by a Certificate Authority
which is trusted by the server. If these conditions are met, it would
be possible for an attacker to execute arbitrary code on the server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-120"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the Apache-SSL and mod_ssl packages.

This problem has been fixed in version 1.3.9.13-4 of Apache-SSL and
version 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable
Debian distribution as well as in version 1.3.23.1+1.47-1 of
Apache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing
and unstable distribution of Debian."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache-ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache-mod-ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"2.2", prefix:"apache-ssl", reference:"1.3.9.13-4")) flag++;
if (deb_check(release:"2.2", prefix:"libapache-mod-ssl", reference:"2.4.10-1.3.9-1potato1")) flag++;
if (deb_check(release:"2.2", prefix:"libapache-mod-ssl-doc", reference:"2.4.10-1.3.9-1potato1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxapache-sslp-cpe:/a:debian:debian_linux:apache-ssl
debiandebian_linuxlibapache-mod-sslp-cpe:/a:debian:debian_linux:libapache-mod-ssl
debiandebian_linux2.2cpe:/o:debian:debian_linux:2.2

Related

nessus 3
f5 4
nvd 1
cvelist 1
openvas 2
cve 1
zdt 1
cert 1
nessus
nessus
Apache mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
2002-03-08 00:00:00
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2002:020)
2004-07-31 00:00:00
Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow
2002-03-19 00:00:00
f5
f5
SOL1907 - mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082
2007-05-16 00:00:00
K4119 : Buffer overflow in mod_ssl - CVE-2002-0082
2013-03-29 00:00:00
K1907 : mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082
2013-06-27 00:00:00
nvd
nvd
CVE-2002-0082
2002-03-15 05:00:00
cvelist
cvelist
CVE-2002-0082
2002-06-25 04:00:00
openvas
openvas
Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
2008-01-17 00:00:00
Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
2008-01-17 00:00:00
cve
cve
CVE-2002-0082
2002-06-25 04:00:00
zdt
zdt
Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow (2) Exploit
2019-07-10 00:00:00
cert
cert
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
2002-03-01 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.476

Percentile

97.5%

JSON
Related for DEBIAN_DSA-120.NASL
nessus3f54nvd1cvelist1openvas2cve1zdt1cert1