Apache Mod_SSL/Apache-SSL Remote Buffer Overflow Vulnerability
Published: 2002-02-27
Updated: 2002-03-04
Affected systems:
Mod_SSL mod_ssl 2.8.6
Mod_SSL mod_ssl 2.8.5
Mod_SSL mod_ssl 2.8.4
Mod_SSL mod_ssl 2.8.3
Mod_SSL mod_ssl 2.8.2
Mod_SSL mod_ssl 2.8.1
Mod_SSL mod_ssl 2.8
Mod_SSL mod_ssl 2.7.1
Apache-SSL Apache-SSL 1.46
Apache-SSL Apache-SSL 1.45
Apache-SSL Apache-SSL 1.44
Apache-SSL Apache-SSL 1.43
Apache-SSL Apache-SSL 1.42
Apache-SSL Apache-SSL 1.41
Apache-SSL Apache-SSL 1.40
Unaffected systems:
Mod_SSL mod_ssl 2.8.7
Apache-SSL Apache-SSL 1.47
Description:
BUGTRAQ ID: 4189
CVE(CAN) ID: CVE-2002-0082
Mod_SSL and Apache-SSL are SSL implementations for the Apache server that provide encryption support for the Apache web server. Both rely on OpenSSL for the underlying SSL implementation.
Mod_SSL versions prior to 2.8.7-1.3.23 and Apache-SSL versions prior to 1.3.22+1.47 use an OpenSSL function in an unsafe way. Under certain conditions this can cause a buffer overflow, allowing a remote attacker to mount a denial-of-service attack against the server process or execute arbitrary code on the host.
When the SSL session cache is enabled, mod_ssl serializes and stores SSL session state for later reuse. In its 'shm' and 'dbm' session cache implementations, mod_ssl calls OpenSSL's i2d_SSL_SESSION function; OpenSSL requires the caller to allocate a buffer large enough to hold the encoded data before making that call. Because mod_ssl does not follow this calling convention, a static buffer can overflow while mod_ssl handles successive sessions.
To exploit this vulnerability an attacker must find a way to increase the size of the data that represents the session, which means presenting an oversized client certificate. The vulnerability can only be exploited when the server has client certificate verification enabled and the client certificate was issued by a CA that the web server trusts. Although the vulnerability is hard to exploit, we still recommend that administrators upgrade as soon as possible to avoid potential risk.
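As an added illustration (not code from mod_ssl, Apache-SSL or OpenSSL), the following C models the OpenSSL i2d_* calling convention the advisory refers to and shows the length check a caller must perform before encoding a session into a fixed-size cache slot; demo_session, i2d_demo_session, the slot size and the certificate bytes are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for an SSL_SESSION, keeping only size-relevant fields.
 * A client certificate attached to the session enlarges its encoding. */
typedef struct {
    uint32_t session_id_len;
    unsigned char session_id[32];
    uint32_t peer_cert_len;          /* DER length of the client cert, 0 if none */
    const unsigned char *peer_cert;
} demo_session;
/* Hypothetical encoder following the OpenSSL i2d_* convention: with a NULL output
 * pointer it only reports the required length; otherwise it writes at *pp and
 * advances the pointer. The CALLER must provide enough room: nothing is checked here. */
int i2d_demo_session(const demo_session *s, unsigned char **pp)
{
    int len = 4 + (int)s->session_id_len + 4 + (int)s->peer_cert_len;
    if (pp == NULL || *pp == NULL)
        return len;
    unsigned char *p = *pp;
    memcpy(p, &s->session_id_len, 4);            p += 4;
    memcpy(p, s->session_id, s->session_id_len); p += s->session_id_len;
    memcpy(p, &s->peer_cert_len, 4);             p += 4;
    memcpy(p, s->peer_cert, s->peer_cert_len);   p += s->peer_cert_len;
    *pp = p;
    return len;
}
#define CACHE_SLOT_SIZE 4096   /* fixed-size slot, like the static buffer in the advisory */
/* Hardened store: ask for the length first (NULL output pointer) and refuse to
 * encode when the session would not fit the slot. Returns bytes written or -1.
 * Calling i2d_demo_session(s, &p) straight into the slot without this check is
 * the pattern the advisory describes: an oversized client cert overruns the slot. */
int cache_store_checked(const demo_session *s, unsigned char *slot, size_t cap)
{
    int need = i2d_demo_session(s, NULL);
    if (need < 0 || (size_t)need > cap)
        return -1;
    unsigned char *p = slot;
    return i2d_demo_session(s, &p);
}
/* Drives the check with a constructed session carrying cert_len bytes of "DER". */
int store_with_cert_len(uint32_t cert_len)
{
    static unsigned char cert[8192];             /* constructed, all-zero certificate */
    static unsigned char slot[CACHE_SLOT_SIZE];
    demo_session s = { 32, {0}, cert_len, cert };
    return cache_store_checked(&s, slot, sizeof slot);
}
```

A 100-byte certificate encodes to 140 bytes and is stored; a certificate that pushes the encoding past 4096 bytes is rejected instead of overflowing the slot.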
<*Source: Ed Moyle (emoyle@scsnet.csc.com)
Links: http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html
http://archives.neohapsis.com/archives/bugtraq/2002-02/0369.html
http://www.apache-ssl.org/advisory-20020301.txt
http://archives.neohapsis.com/archives/bugtraq/2002-03/0012.html
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0034-apache.asc.txt
http://www.debian.org/security/2002/dsa-120
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
https://www.redhat.com/support/errata/RHSA-2002-041.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
https://www.redhat.com/support/errata/RHSA-2002-042.html
*>
Recommendation:
Temporary workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:
* Do not use the vulnerable mod_ssl.
Vendor patches:
Conectiva
---------
Conectiva has released a security advisory (CLA-2002:465) and corresponding patches for this issue:
CLA-2002:465:Buffer overflow in the mod_ssl module used by apache
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Patch downloads:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/apache-1.3.22-1U50_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-devel-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/apache-doc-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/apache-1.3.22-1U51_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-1.3.22-1U51_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-doc-1.3.22-1U51_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/apache-devel-1.3.22-1U51_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/apache-1.3.22-1U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-1.3.22-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-devel-1.3.22-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/apache-doc-1.3.22-1U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/apache-1.3.22-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-1.3.22-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-devel-1.3.22-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/apache-doc-1.3.22-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/apache-1.3.22-1U50_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-devel-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/apache-doc-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/apache-1.3.22-1U50_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-devel-1.3.22-1U50_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/apache-doc-1.3.22-1U50_3cl.i386.rpm
Debian
------
Debian has released a security advisory (DSA-120-1) and corresponding patches for this issue:
DSA-120-1:New mod_ssl and Apache/SSL packages fix buffer overflow
Link: http://www.debian.org/security/2002/dsa-120
Patch downloads:
Debian GNU/Linux 2.2 alias potato
------------------------------------
Source archives:
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.diff.gz
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.dsc
http://security.debian.org/dists/stable/updates/main/source//apache-ssl_1.3.9.13.orig.tar.gz
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9-1potato1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9-1potato1.dsc
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
Architecture independent components:
http://security.debian.org/dists/stable/updates/main/binary-all/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato1_all.deb
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-ssl_1.3.9.13-4_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libapache-mod-ssl_2.4.10-1.3.9-1potato1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-ssl_1.3.9.13-4_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libapache-mod-ssl_2.4.10-1.3.9-1potato1_arm.deb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-ssl_1.3.9.13-4_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libapache-mod-ssl_2.4.10-1.3.9-1potato1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-ssl_1.3.9.13-4_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libapache-mod-ssl_2.4.10-1.3.9-1potato1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-ssl_1.3.9.13-4_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libapache-mod-ssl_2.4.10-1.3.9-1potato1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-ssl_1.3.9.13-4_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libapache-mod-ssl_2.4.10-1.3.9-1potato1_sparc.deb
EnGarde
-------
EnGarde has released a security advisory (ESA-20020301-005) and corresponding patches for this issue:
ESA-20020301-005:mod_ssl's session caching mechanisms contain a potential buffer overflow
Link: http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Patch downloads:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
Patch installation:
Before installing the packages, the host must be in one of the following two states:
a) booted into a standard kernel
b) with LIDS disabled
Disable LIDS with the following command:
# /sbin/lidsadm -S -- -LIDS_GLOBAL
Install the updated packages:
# rpm -Uvh <filename>
Update the LIDS configuration:
# /usr/sbin/config_lids.pl
Re-enable LIDS:
# /sbin/lidsadm -S -- +LIDS_GLOBAL
Verify the signature of the update files:
# rpm -Kv <filename>
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2002:020) and corresponding patches for this issue:
MDKSA-2002:020:mod_ssl
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php3
Patch downloads:
RedHat
------
RedHat has released a security advisory (RHSA-2002:042-12) and corresponding patches for this issue:
RHSA-2002:042-12:Updated secureweb packages available
Link: https://www.redhat.com/support/errata/RHSA-2002-042.html
Patch downloads:
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/mod_ssl-2.8.5-3.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mod_ssl-2.8.5-3.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/mod_ssl-2.8.5-3.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/mod_ssl-2.8.5-3.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/mod_ssl-2.8.5-3.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mod_ssl-2.8.5-4.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/mod_ssl-2.8.5-4.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/mod_ssl-2.8.5-4.ia64.rpm
Trustix
-------
Trustix has released a security advisory (TSLSA-2002-0034) and corresponding patches for this issue:
TSLSA-2002-0034:apache
Link:
Patch downloads:
MD5sums of the packages:
The patches above can be downloaded from:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/
Mod_SSL
-------
The vendor has released mod_ssl 2.8.7-1.3.23 to fix this issue; download it from the vendor's home page:
http://www.modssl.org/source/mod_ssl-2.8.7-1.3.23.tar.gz
Apache-SSL
----------
The vendor has released version 1.3.22+1.47 to fix this issue; download it from the vendor's home page:
http://www.apache-ssl.org/