+-----[ Software ]-----+

The mod_ssl project provides strong cryptography for the Apache 1.3 
webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer 
Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit 
OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson
(http://www.modssl.org)


+-----[ Version ]-----+

mod_ssl-2.8.18-1.3.31


+-----[ Description ]-----+

Format string vulnerability.


+-----[ Vulnerable Code ]-----+

[ssl_engine_log.c]

void ssl_log(server_rec *s, int level, const char *msg, ...)
{
......
    /*  create custom message  */
    ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
......
}


+-----[ Greetings ]-----+

#coders @ irc.ttnet.net.tr
http://deicide.siyahsapka.org


+-----[ Shouts ]-----+

Thanks to enderunix (www.enderunix.org) core team for coding vulnerable softwares.


+-----[ Contact ]-----+

http://virulent.siyahsapka.org

   virulent@siyahsapka.org

+----------------------+