Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:054)
High Nessus Plugin ID 14153
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.
The provided packages are patched to prevent this problem.
SolutionUpdate the affected mod_ssl package.