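Apache 'mod_ssl' Log Function Format String Vulnerability
Published: 2004-07-16
Updated: 2008-06-30
Affected systems:
Mod_SSL mod_ssl < 2.8.19
Description:
BUGTRAQ ID: 10736
CVE(CAN) ID: CVE-2004-0700
Mod_SSL is the SSL implementation for the Apache server; it provides encryption support for the Apache web server.
The ssl_log function, as used inside the mod_proxy hook functions of the mod_ssl authentication module, contains a security vulnerability that exposes it to format string attacks. A remote attacker could exploit this vulnerability to gain access to an affected system.
<*Source: Virulent
Ralf S. Engelschall
Link: http://xforce.iss.net/xforce/xfdb/16705
*>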
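The class of bug described above, shown as an added example that is not mod_ssl source code: `demo_log`, `log_unsafe`, `log_safe` and `logged_verbatim` are hypothetical names, and the sample string is constructed. It contrasts a printf-style logger called with externally supplied text as its format string against the corrected call that uses a constant `"%s"` format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a function such as
   ssl_log (assumption: not the real signature). Formats into out. */
static const char *demo_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return out;
}

/* Vulnerable pattern: externally supplied text becomes the format string,
   so any conversion specifier in it is interpreted by the logger. */
static const char *log_unsafe(char *out, size_t n, const char *untrusted)
{
    return demo_log(out, n, untrusted);
}

/* Corrected pattern: constant format, untrusted text passed only as data. */
static const char *log_safe(char *out, size_t n, const char *untrusted)
{
    return demo_log(out, n, "%s", untrusted);
}

/* Returns 1 if the given logger reproduced the input byte for byte. */
static int logged_verbatim(const char *(*fn)(char *, size_t, const char *),
                           const char *input)
{
    char buf[128];
    return strcmp(fn(buf, sizeof buf, input), input) == 0;
}

int main(void)
{
    /* Constructed input: "%%" consumes no arguments, so the unsafe call is
       well-defined here while still showing that the text is interpreted. */
    const char *sample = "proxy error: 100%% of upstream requests failed";
    char buf[128];
    printf("unsafe: %s\n", log_unsafe(buf, sizeof buf, sample));
    printf("safe:   %s\n", log_safe(buf, sizeof buf, sample));
    return 0;
}
```

Declaring the logger with `__attribute__((format(printf, 3, 4)))` lets GCC and Clang report the `log_unsafe` call under `-Wformat-security`.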
Recommendation:
Vendor patch:
Mod_SSL
-------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
mod_ssl mod_ssl 2.3.11
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4 .10
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.10
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.2
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.3
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.5
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.6
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.7
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.8
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.4.9
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.5 .0
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.5.1
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6 .0
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6.1
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6.2
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6.3
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6.5
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.6.6
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.7 .0
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.7.1
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.1
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.1 -2
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.10
Mandrake mod_ssl-2.8.10-5.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
Mandrake mod_ssl-2.8.10-5.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.12
Mandrake mod_ssl-2.8.12-8.2.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php
Mandrake mod_ssl-2.8.12-8.2.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
RedHat mod_ssl-2.8.12-6.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mod_ssl-2.8.12-6.legacy.i386.rpm
Slackware mod_ssl-2.8.19_1.3.31-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.19_1.3.31-i386-1.tgz
mod_ssl mod_ssl 2.8.15
Mandrake mod_ssl-2.8.15-1.2.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake mod_ssl-2.8.15-1.2.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
Slackware mod_ssl-2.8.19_1.3.31-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.19_1.3.31-i486-1.tgz
mod_ssl mod_ssl 2.8.16
Mandrake mod_ssl-2.8.16-1.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake mod_ssl-2.8.16-1.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.17
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.2
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.3
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.4
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.5 -2
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.6
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.7
Mandrake mod_ssl-2.8.7-3.4.M82mdk.i586.rpm
Mandrake Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.8
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
mod_ssl mod_ssl 2.8.9
Debian libapache-mod-ssl-doc_2.8.9-2.3_all.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.3_all.deb
Debian libapache-mod-ssl_2.8.9-2.3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_arm.deb
Debian libapache-mod-ssl_2.8.9-2.3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_hppa.deb
Debian libapache-mod-ssl_2.8.9-2.3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_i386.deb
Debian libapache-mod-ssl_2.8.9-2.3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_ia64.deb
Debian libapache-mod-ssl_2.8.9-2.3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_m68k.deb
Debian libapache-mod-ssl_2.8.9-2.3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_mips.deb
Debian libapache-mod-ssl_2.8.9-2.3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_mipsel.deb
Debian libapache-mod-ssl_2.8.9-2.3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_powerpc.deb
Debian libapache-mod-ssl_2.8.9-2.3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_s390.deb
Debian libapache-mod-ssl_2.8.9-2.3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl_2.8.9-2.3_sparc.deb
Debian libapache-mod-ssl_2.8.9-2.4_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_arm.deb
Debian libapache-mod-ssl_2.8.9-2.4_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_hppa.deb
Debian libapache-mod-ssl_2.8.9-2.4_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_i386.deb
Debian libapache-mod-ssl_2.8.9-2.4_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_ia64.deb
Debian libapache-mod-ssl_2.8.9-2.4_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_m68k.deb
Debian libapache-mod-ssl_2.8.9-2.4_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mips.deb
Debian libapache-mod-ssl_2.8.9-2.4_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mipsel.deb
Debian libapache-mod-ssl_2.8.9-2.4_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_powerpc.deb
Debian libapache-mod-ssl_2.8.9-2.4_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_s390.deb
Debian libapache-mod-ssl_2.8.9-2.4_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_sparc.deb
mod_ssl mod_ssl-2.8.19-1.3.31.tar.gz
http://www.modssl.org/source/mod_ssl-2.8.19-1.3.31.tar.gz
Slackware mod_ssl-2.8.19_1.3.31-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.19_1.3.31-i386-1.tgz
