Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Apache did not honour the 'SSLVerifyClient require' directive within a
<Location> block if the surrounding <VirtualHost> block contained a
directive 'SSLVerifyClient optional'. This allowed clients to bypass
client certificate validation on servers with the above configuration.
(CAN-2005-2700)

Filip Sneppe discovered a Denial of Service vulnerability in the byte
range filter handler. By requesting certain large byte ranges, a
remote attacker could cause memory exhaustion in the server.
(CAN-2005-2728)

The updated libapache-mod-ssl also fixes two older Denial of Service
vulnerabilities: A format string error in the ssl_log() function which
could be exploited to crash the server (CAN-2004-0700), and a flaw in
the SSL cipher negotiation which could be exploited to terminate a
session (CAN-2004-0885). Please note that Apache 1.3 and
libapache-mod-ssl are not officially supported (they are in the
'universe' component of the Ubuntu archive).

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20587 ()

Bugtraq ID:

CVE ID: CVE-2004-0700
CVE-2004-0885
CVE-2005-2700
CVE-2005-2728