Auditorías de Seguridad de Red / Evaluación de vulnerabilidades de SecuritySpace

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

--------------------------------------------------------------------------
  Turbolinux Security Advisory TLSA-2002-15
  http://www/turbolinux.co.jp/security/
                                            security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Mod_ssl

Buffer overflow command

   Release date : 2002-03-15

   Object package : mod_ssl-2.8.7-3

   Problem
    The occasion where the certificate is issued from the server

in the environment of the apache+mod_ssl, there is a vulnerability for hackers to gain access to server.

   Solution:
    Please verify version and execute the command below.
    Update from the mod_ssl-2.8.7-3 version before using.

    # rpm -qa | grep mod_ssl

    Please download the update package that corresponds to the version number.

    Execution example
    ---------------------------------------------------------------------
    # rpm -Fvh Package-1.0.0-1.i586.rpm \
    Package-doc-1.0.0-1.i586.rpm \
    Package-devel-1.0.0-1.i586.rpm

    When the rpm command is executed, please enter on the command line as follows:

    # rpm -Fvh package-1.0.0-1.i586.rpm package-doc-1.0.0-1.i586.rpm package-devel-1.0.0-1.i586.rpm
    ---------------------------------------------------------------------

    < Turbolinux 7 Server >
    < Turbolinux 7 Workstation >
    # rpm -Fvh mod_ssl-2.8.7-3.i586.rpm \
    apache-1.3.23-3.i586.rpm \
    apache-devel-1.3.23-3.i586.rpm \
    apache-manual-1.3.23-3.i586.rpm

    < Turbolinux Server 6.5 >
    < Turbolinux Advanced Server 6 >
    # rpm -Fvh mod_ssl-2.8.7-3.i386.rpm \
    apache-1.3.23-3.i386.rpm \
    apache-devel-1.3.23-3.i386.rpm \
    apache-manual-1.3.23-3.i386.rpm \
    openssl-0.9.6b-1.i386.rpm \
    openssl-devel-0.9.6b-1.i386.rpm

    < Turbolinux Server 6.1 >
    < Turbolinux Workstation 6.0 >
    # rpm -Uvh Rpm-3.0.6-15.i386.rpm \
    Popt-1.5-15.i386.rpm
    # rpm -Fvh apache-1.3.23-3.i386.rpm \
    apache-devel-1.3.23-3.i386.rpm \
    apache-manual-1.3.23-3.i386.rpm \
    openssl-0.9.6b-1.i386.rpm \
    openssl-devel-0.9.6b-1.i386.rpm
    # rpm -ivh mod_ssl-2.8.7-3.i386.rpm

    * When the Secure Web Server (the https) uses the note OpenSsl, it is necessary for the mod_ssl package to update simultaneously.

Furthermore, if using the RSA SSL of TurboLinux Server Japanese edition 6.1 recording, please do not update the mod_ssl package.

Package updates: http://www.turbolinux.co.jp/update/