mod_ssl 2.8.18 for Apache 1.3.31 suffers from a format string vulnerability.
+-----[ Software ]-----+
The mod_ssl project provides strong cryptography for the Apache 1.3
webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) protocols with the help of the Open Source SSL/TLS toolkit
OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson
(http://www.modssl.org)
+-----[ Version ]-----+
mod_ssl-2.8.18-1.3.31
+-----[ Description ]-----+
Format string vulnerability: ssl_log() passes its msg argument to
ap_vsnprintf() as the format string.
+-----[ Vulnerable Code ]-----+
[ssl_engine_log.c]
void ssl_log(server_rec *s, int level, const char *msg, ...)
{
    ......
    /* create custom message */
    ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
    ......
}
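Added example, not part of the original advisory and not mod_ssl code: a
variadic logger shaped like ssl_log() is safe only when callers supply a
constant format and pass untrusted text as an argument. demo_log,
log_untrusted, count_conversions, logs_verbatim and the sample input are
hypothetical names constructed for illustration; the format attribute
assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in shaped like ssl_log(): msg is the format string
 * handed to a vsnprintf-style formatter. Not mod_ssl code. */
__attribute__((format(printf, 3, 4)))  /* GCC/Clang: lets -Wformat-security check callers */
static int demo_log(char *out, size_t outlen, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    int n = vsnprintf(out, outlen, msg, ap);
    va_end(ap);
    return n;
}

/* Unsafe caller pattern (comment only, never run): demo_log(out, outlen, untrusted);
 * a '%' conversion in untrusted would read arguments that were never passed. */
/* Safe caller: the format is a constant and untrusted text is only data. */
static int log_untrusted(char *out, size_t outlen, const char *untrusted)
{
    return demo_log(out, outlen, "%s", untrusted);
}

/* Audit helper: counts every '%' that would start a conversion if the
 * string were used as a format ("%%" and a trailing lone '%' are skipped). */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (s[0] == '%' && s[1] == '%') s++;          /* literal percent */
        else if (s[0] == '%' && s[1] != '\0') n++;
    }
    return n;
}

/* Returns 1 when the safe caller logs the input byte for byte. */
static int logs_verbatim(const char *untrusted)
{
    char buf[128];
    int n = log_untrusted(buf, sizeof buf, untrusted);
    return n == (int)strlen(untrusted) && strcmp(buf, untrusted) == 0;
}

int main(void)
{
    const char *sample = "bad.example%s%x";   /* constructed input */
    printf("conversions=%d verbatim=%d\n", count_conversions(sample), logs_verbatim(sample));
    return 0;
}
```

Building callers with -Wformat -Wformat-security makes the compiler flag any call that passes a non-literal string as the format with no further arguments.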
+-----[ Greetings ]-----+
#coders @ irc.ttnet.net.tr
http://deicide.siyahsapka.org
+-----[ Shouts ]-----+
Thanks to enderunix (www.enderunix.org) core team for coding vulnerable software.
+-----[ Contact ]-----+
http://virulent.siyahsapka.org
virulent@siyahsapka.org
+----------------------+