Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability

Bugtraq ID:	12877
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 23 2005 12:00AM
Updated:	Mar 23 2005 12:00AM
Credit:	Discovery is credited to keilh <[email protected]>.
Vulnerable:	SuSE Linux Enterprise Server 9 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Apache Apache 2.0.49 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Apache 2.0.48 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 + SuSE Linux 8.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Apache 2.0.47 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.3.4 + Apple Mac OS X Server 10.3.3 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.1.5 + Apple Mac OS X Server 10.1.4 + Apple Mac OS X Server 10.1.3 + Apple Mac OS X Server 10.1.2 + Apple Mac OS X Server 10.1.1 + Apple Mac OS X Server 10.1 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 Apache Apache 2.0.46 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + Trustix Secure Linux 2.0 Apache Apache 2.0.45 - Apple Mac OS X 10.2.6 - Apple Mac OS X 10.2.5 - Apple Mac OS X 10.2.4 - Apple Mac OS X 10.2.3 - Apple Mac OS X 10.2.2 - Apple Mac OS X 10.2.1 - Apple Mac OS X 10.2 - Apple Mac OS X 10.1.5 - Apple Mac OS X 10.1.4 - Apple Mac OS X 10.1.3 - Apple Mac OS X 10.1.2 - Apple Mac OS X 10.1.1 - Apple Mac OS X 10.1 - Apple Mac OS X 10.1 - Apple Mac OS X 10.0.4 - Apple Mac OS X 10.0.3 - Apple Mac OS X 10.0.2 - Apple Mac OS X 10.0.1 - Apple Mac OS X 10.0 Apache Apache 2.0.44 Apache Apache 2.0.43 Apache Apache 2.0.42 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Apache 2.0.41 Apache Apache 2.0.40 + Redhat Linux 9.0 i386 + Redhat Linux 8.0 + Terra Soft Solutions Yellow Dog Linux 3.0 Apache Apache 2.0.39 Apache Apache 2.0.38 Apache Apache 2.0.37 Apache Apache 2.0.36 Apache Apache 2.0.35 Apache Apache 2.0.32 Apache Apache 2.0.28 Beta Apache Apache 2.0.28 Apache Apache 2.0 a9 Apache Apache 2.0
Not Vulnerable:	Apache Apache 2.0.53 Apache Apache 2.0.52 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.2.8 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.2.8 + Redhat Desktop 4.0 + Redhat Enterprise Linux AS 4 + Redhat Enterprise Linux ES 4 + Redhat Enterprise Linux WS 4 + Sun Solaris 10 Apache Apache 2.0.51 + Redhat Fedora Core2 + Redhat Fedora Core1 Apache Apache 2.0.50 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1

Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability

mod_ssl is prone to a remote denial of service vulnerability. The issue exists in the 'ssl_io_filter_cleanup' function.

A remote attacker can exploit this issue to cause a denial of service condition in an affected Apache server.

Apache 2.0.49 and prior versions are considered to be affected by this vulnerability.

Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability

An exploit is not required to leverage this issue.

Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability

Solution:
This issue has been addressed in Apache 2.0.50 and subsequent versions.

SUSE has released advisory SUSE-SR:2005:008 to address this issue. Please see the referenced advisory for more information.


Apache Apache 2.0

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0 a9

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.28

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.28 Beta

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.32

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.35

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.36

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.37

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.38

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.39

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.40

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.41

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.42

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.43

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.44

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi


• SuSE apache2-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-2.0.48-14 9.i586.rpm


• SuSE apache2-devel-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-devel-2.0 .48-149.i586.rpm


• SuSE apache2-example-pages-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-example-p ages-2.0.48-149.i586.rpm


• SuSE apache2-leader-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-leader-2. 0.48-149.i586.rpm


• SuSE apache2-prefork-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-prefork-2 .0.48-149.i586.rpm


• SuSE apache2-worker-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-worker-2. 0.48-149.i586.rpm


• SuSE libapr0-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/libapr0-2.0.48-14 9.i586.rpm

Apache Apache 2.0.45

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.46

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.47

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi

Apache Apache 2.0.48

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi


• SuSE apache2-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-2.0.48-14 9.i586.rpm


• SuSE apache2-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-2.0.4 8-149.x86_64.rpm


• SuSE apache2-devel-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-devel-2.0 .48-149.i586.rpm


• SuSE apache2-devel-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-devel -2.0.48-149.x86_64.rpm


• SuSE apache2-doc-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-doc-2.0.4 8-149.i586.rpm


• SuSE apache2-doc-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-doc-2 .0.48-149.x86_64.rpm


• SuSE apache2-example-pages-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-example-p ages-2.0.48-149.i586.rpm


• SuSE apache2-example-pages-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-examp le-pages-2.0.48-149.x86_64.rpm


• SuSE apache2-leader-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-leader-2. 0.48-149.i586.rpm


• SuSE apache2-leader-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-leade r-2.0.48-149.x86_64.rpm


• SuSE apache2-metuxmpm-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-metuxmpm- 2.0.48-149.i586.rpm


• SuSE apache2-metuxmpm-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-metux mpm-2.0.48-149.x86_64.rpm


• SuSE apache2-prefork-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-prefork-2 .0.48-149.i586.rpm


• SuSE apache2-prefork-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-prefo rk-2.0.48-149.x86_64.rpm


• SuSE apache2-worker-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-worker-2. 0.48-149.i586.rpm


• SuSE apache2-worker-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-worke r-2.0.48-149.x86_64.rpm


• SuSE libapr0-2.0.48-149.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/libapr0-2.0.48-14 9.i586.rpm


• SuSE libapr0-2.0.48-149.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/libapr0-2.0.4 8-149.x86_64.rpm

Apache Apache 2.0.49

• Apache Software Foundation Apache Web Server 2.0.53
  http://httpd.apache.org/download.cgi


• SuSE apache2-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-2.0.49-27 .24.3.i586.rpm


• SuSE apache2-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-2.0.4 9-27.24.3.x86_64.rpm


• SuSE apache2-devel-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-devel-2.0 .49-27.24.3.i586.rpm


• SuSE apache2-devel-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-devel -2.0.49-27.24.3.x86_64.rpm


• SuSE apache2-doc-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-doc-2 .0.49-27.24.3.x86_64.rpm


• SuSE apache2-example-pages-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-example-p ages-2.0.49-27.24.3.i586.rpm


• SuSE apache2-example-pages-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-examp le-pages-2.0.49-27.24.3.x86_64.rpm


• SuSE apache2-prefork-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-prefork-2 .0.49-27.24.3.i586.rpm


• SuSE apache2-prefork-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-prefo rk-2.0.49-27.24.3.x86_64.rpm


• SuSE apache2-worker-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-worker-2. 0.49-27.24.3.i586.rpm


• SuSE apache2-worker-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-worke r-2.0.49-27.24.3.x86_64.rpm


• SuSE libapr0-2.0.49-27.24.3.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/libapr0-2.0.49-27 .24.3.i586.rpm


• SuSE libapr0-2.0.49-27.24.3.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/libapr0-2.0.4 9-27.24.3.x86_64.rpm

Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability

References:

• Apache Homepage (Apache Software Foundation)
  
• ASF Bugzilla Bug 27945 - Memory violations in 'ssl_io_filter_cleanup(..)' (keilh )
  
• mod_ssl Homepage (mod_ssl Project)