Hi,
A Nessus scan of our Raq 3 came up with the following result. Please
could anyone let me know if this is indeed a vulnerability and if
there is a patch for it.
Kind regards
Alex
Vulnerability found on port www (80/tcp)

The dbm and shm session cache code
in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not
properly initialize memory using the i2d_SSL_SESSION function, which allows
remote attackers to use a buffer overflow to execute arbitrary code via a large
client certificate that is signed by a trusted Certificate Authority (CA), which
produces a large serialized session.

The remote host is using a version of mod_ssl which is older than 2.8.7.
This version is vulnerable to a buffer overflow which, albeit difficult to
exploit, may allow an attacker to obtain a shell on this host.

****Some vendors patched older versions of mod_ssl, so this might be a false
positive. Check with your vendor to determine if you have a version of mod_ssl
that is patched for this vulnerability ******

Solution : Upgrade to version 2.8.7 or newer
Risk factor : High
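
The report above flags the host on the mod_ssl version number alone, which is why it warns about false positives on vendor-patched builds. A sketch of that kind of version check, added here as an illustration (not Nessus's own code and not part of the original message); it assumes the version is read from the HTTP Server header, and the sample headers are constructed:

```python
import re

# First fixed mod_ssl release according to the scan report.
FIXED_MOD_SSL = (2, 8, 7)

# mod_ssl advertises itself in the Server header as "mod_ssl/<version>".
_MOD_SSL_TOKEN = re.compile(r"\bmod_ssl/(\d+(?:\.\d+)*)")


def classify_banner(server_header):
    """Classify a Server header by its advertised mod_ssl version.

    Returns (status, version_string). A "flagged" result only means the
    version number is below 2.8.7; a vendor may have backported the fix
    without changing that number, so it still has to be confirmed against
    the vendor's package changelog or advisory.
    """
    match = _MOD_SSL_TOKEN.search(server_header)
    if match is None:
        # No mod_ssl token (e.g. a terse banner): the version check
        # cannot conclude anything either way.
        return ("unknown", None)

    text = match.group(1)
    parts = tuple(int(p) for p in text.split("."))
    # Pad short versions such as "2.8" to three components.
    parts = parts + (0,) * (3 - len(parts))

    # Compare numerically: as strings, "2.8.10" would sort before "2.8.7".
    if parts >= FIXED_MOD_SSL:
        return ("fixed", text)
    return ("flagged-verify-vendor-patch", text)


if __name__ == "__main__":
    # Constructed sample headers, not taken from the scanned host.
    samples = [
        "Apache/1.3.12 (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a",
        "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g",
        "Apache",
    ]
    for header in samples:
        print(header, "->", classify_banner(header))
```
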