CVE-2002-0082

Current Description

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Basic Data

Published: March 15, 2002
Last Modified: October 18, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
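    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.40 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.41 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.42 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.44 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.45 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apache-ssl | Apache-ssl | 1.46 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.7.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mod Ssl | Mod Ssl | 2.8.6 | * | * | * | * | * | * | * | | | | |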

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Apache-ssl | Apache-ssl | 1.40, 1.41, 1.42, 1.44, 1.45, 1.46 |
| Mod Ssl | Mod Ssl | 2.7.1, 2.8, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| CLA-2002:465 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465 | |
| SSRT0817 | COMPAQ | http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml | |
| 20020301 Apache-SSL buffer overflow (fix available) | BUGTRAQ | http://marc.info/?l=bugtraq&m=101518491916936&w=2 | |
| 20020304 Apache-SSL 1.3.22+1.47 - update to security fix | BUGTRAQ | http://marc.info/?l=bugtraq&m=101528358424306&w=2 | |
| 20020227 mod_ssl Buffer Overflow Condition (Update Available) | BUGTRAQ | http://online.securityfocus.com/archive/1/258646 | |
| http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html | MISC | http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html | |
| http://www.apacheweek.com/issues/02-03-01#security | CONFIRM | http://www.apacheweek.com/issues/02-03-01#security | |
| CSSA-2002-011.0 | CALDERA | http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt | |
| DSA-120 | DEBIAN | http://www.debian.org/security/2002/dsa-120 | |
| apache-modssl-bo(8308) | XF | http://www.iss.net/security_center/static/8308.php | Patch, Vendor Advisory |
| MDKSA-2002:020 | MANDRAKE | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php | |
| ESA-20020301-005 | ENGARDE | http://www.linuxsecurity.com/advisories/other_advisory-1923.html | |
| RHSA-2002:041 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-041.html | |
| RHSA-2002:042 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-042.html | |
| RHSA-2002:045 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-045.html | |
| HPSBTL0203-031 | HP | http://www.securityfocus.com/advisories/3965 | |
| HPSBUX0204-190 | HP | http://www.securityfocus.com/advisories/4008 | |
| 4189 | BID | http://www.securityfocus.com/bid/4189 | |