Apache SSL <1.47 overflow


VictorKaum
March 21st, 2002, 01:06 AM
Source: www.securityspace.com

Title: Apache-SSL overflow
ID: 10918
Category: Gain a shell remotely
URL: http://www.securityspace.com/smysecure/catid.html?id=10918
Summary: Checks for version of Apache-SSL
Description:
** The remote host is using a version of Apache-SSL which is
** older than 1.47

** This version is vulnerable to a buffer overflow which,
** albeit difficult to exploit, may allow an attacker
** to obtain a shell on this host.


** Solution : Upgrade to version 1.47 or newer
** Risk factor : High

ArmyOfOne
March 21st, 2002, 01:18 AM
Is regular apache affected?

VictorKaum
March 21st, 2002, 01:38 AM
I don't think so... at www.apache.org there was no panic but at http://www.apache-ssl.org there was...

source: http://www.apache-ssl.org/advisory-20020301.txt


Apache-SSL buffer overflow condition (all versions prior to 1.3.22+1.46)
------------------------------------------------------------------------

Synopsis
--------

A buffer overflow was recently found in mod_ssl, see:

http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html

for details. The offending code in mod_ssl was, in fact, derived from
Apache-SSL, and Apache-SSL is also vulnerable.

As in mod_ssl, this flaw can only be exploited if client certificates
are being used, and the certificate in question must be issued by a
trusted CA.

Fix
---

Download Apache-SSL 1.3.22+1.47 from the usual places (see
http://www.apache-ssl.org/).

(note that 1.46 had a bug in it, so you should use 1.47)

Acknowledgements
----------------

Thanks to Ed Moyle for finding the flaw.

Rant
----

No thanks to anyone at all for alerting me before going
public. Cheers, guys.

Ben Laurie, March 1, 2002.


It's only a prob with Apache-SSL
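
An added example, not part of the thread or the advisory: a banner triage that mirrors the version check the scan report describes, flagging Apache-SSL releases older than 1.47. It assumes the Server header carries a `Ben-SSL/<version>` token; the host names and banners are constructed sample data.

```python
import re

# Assumption: Apache-SSL announces itself in the Server header with a
# "Ben-SSL/<version>" token after the base Apache version.
BANNER_RE = re.compile(
    r"Apache[^/\s]*/(?P<apache>[\d.]+).*?\bBen-SSL/(?P<ssl>\d+(?:\.\d+)*)"
)
FIXED = (1, 47)  # release the advisory says to run (1.46 had a bug)


def parse_version(text):
    """Turn '1.47' into (1, 47) so that 1.9 sorts below 1.47.

    Comparing as floats or strings would rank 1.9 above 1.47.
    """
    return tuple(int(part) for part in text.split("."))


def classify(banner):
    """Return 'upgrade', 'ok' or 'not-apache-ssl' for one Server header."""
    match = BANNER_RE.search(banner or "")
    if match is None:
        # No Ben-SSL token: plain Apache, mod_ssl, or a suppressed banner.
        # This check says nothing about such hosts.
        return "not-apache-ssl"
    return "upgrade" if parse_version(match.group("ssl")) < FIXED else "ok"


def triage(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed inventory for illustration only.
SAMPLE = {
    "web1.example": "Apache/1.3.22 Ben-SSL/1.46 (Unix)",
    "web2.example": "Apache/1.3.22 Ben-SSL/1.47 (Unix)",
    "web3.example": "Apache/1.3.9 Ben-SSL/1.9 (Unix)",
    "web4.example": "Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6c",
    "web5.example": "",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host:14} {verdict}")
```

An `upgrade` result only means the banner reports an old version; per the advisory, the flaw additionally requires that client certificates are in use.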