Juniper Networks

Signature Detail


Short Name: FTP:EXPLOIT:MOD-INCLUDE-BOF
Severity: Minor
Recommended: No
Category: FTP
Keywords: Apache mod_include SSL Buffer Overflow
Release Date: 2013/07/03
Update Number: 2278
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

FTP: Apache mod_include SSL Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the Apache web server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted server.

Extended Description

The problem presents itself when the affected module attempts to parse mod_include-specific tag values. A failure to properly validate the lengths of user-supplied tag strings before copying them into finite buffers facilitates the overflow. A local attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the affected Apache server.

Affected Products

  • Apache_software_foundation apache 1.3.0
  • Apache_software_foundation apache 1.3.1
  • Apache_software_foundation apache 1.3.11
  • Apache_software_foundation apache 1.3.12
  • Apache_software_foundation apache 1.3.14
  • Apache_software_foundation apache 1.3.17
  • Apache_software_foundation apache 1.3.18
  • Apache_software_foundation apache 1.3.19
  • Apache_software_foundation apache 1.3.20
  • Apache_software_foundation apache 1.3.22
  • Apache_software_foundation apache 1.3.23
  • Apache_software_foundation apache 1.3.24
  • Apache_software_foundation apache 1.3.25
  • Apache_software_foundation apache 1.3.26
  • Apache_software_foundation apache 1.3.27
  • Apache_software_foundation apache 1.3.28
  • Apache_software_foundation apache 1.3.29
  • Apache_software_foundation apache 1.3.3
  • Apache_software_foundation apache 1.3.31
  • Apache_software_foundation apache 1.3.32
  • Apache_software_foundation apache 1.3.4
  • Apache_software_foundation apache 1.3.6
  • Apache_software_foundation apache 1.3.7 -Dev
  • Apache_software_foundation apache 1.3.9
  • Avaya communication_manager 1.1.0
  • Avaya communication_manager 1.3.1
  • Avaya communication_manager 2.0.0
  • Avaya communication_manager 2.0.1
  • Avaya intuity LX
  • Avaya mn100
  • Avaya modular_messaging_(mss) 1.1.0
  • Avaya modular_messaging_(mss) 2.0.0
  • Avaya network_routing
  • Hp hp-ux 11.0.0
  • Hp hp-ux 11.11.0
  • Hp hp-ux 11.20.0
  • Hp hp-ux 11.22.0
  • Hp hp-ux B.11.00
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.22
  • Hp virtualvault A.04.50
  • Hp virtualvault A.04.60
  • Hp virtualvault A.04.70
  • Hp webproxy A.02.00
  • Hp webproxy A.02.10
  • Ibm hardware_management_console_(hmc)_for_iseries 3.3.2
  • Ibm hardware_management_console_(hmc)_for_iseries 4.0.0 R2.0
  • Ibm hardware_management_console_(hmc)_for_pseries 3.3.2
  • Ibm hardware_management_console_(hmc)_for_pseries 4.0.0 R2.0
  • Ibm http_server 1.3.12
  • Ibm http_server 1.3.12 .1
  • Ibm http_server 1.3.12 .2
  • Ibm http_server 1.3.12 .3
  • Ibm http_server 1.3.12 .4
  • Ibm http_server 1.3.12 .5
  • Ibm http_server 1.3.12 .6
  • Ibm http_server 1.3.12 .7
  • Ibm http_server 1.3.19
  • Ibm http_server 1.3.19 .1
  • Ibm http_server 1.3.19 .2
  • Ibm http_server 1.3.19 .3
  • Ibm http_server 1.3.19 .4
  • Ibm http_server 1.3.19 .5
  • Ibm http_server 1.3.26
  • Ibm http_server 1.3.26 .1
  • Ibm http_server 1.3.26 .2
  • Ibm http_server 1.3.28
  • Ibm http_server 1.3.28 .1
  • Ibm http_server 1.3.3 Win32
  • Ibm http_server 1.3.6 .2 Unix
  • Ibm http_server 1.3.6 .2 Win32
  • Ibm http_server 1.3.6 .3
  • Ibm http_server 1.3.6 .4 Win32
  • Ibm http_server 1.3.6 Win32
  • Openpkg openpkg 2.0.0
  • Openpkg openpkg 2.1.0
  • Openpkg openpkg 2.2.0
  • Openpkg openpkg Current
  • Red_hat stronghold 4.0.0
  • Slackware linux 10.0.0
  • Slackware linux 8.0.0
  • Slackware linux 8.1.0
  • Slackware linux 9.0.0
  • Slackware linux 9.1.0
  • Slackware linux -Current
  • Sun solaris 8 Sparc
  • Sun solaris 8 X86
  • Sun solaris 9 Sparc
  • Sun solaris 9 X86
  • Suse linux 8.0.0
  • Suse linux 8.1.0
  • Suse linux_personal 8.2.0
  • Suse linux_personal 9.0.0
  • Suse linux_personal 9.0.0 X86 64
  • Suse linux_personal 9.1.0
  • Suse linux_personal 9.2.0
  • Trustix secure_linux 1.5.0

References

  • BugTraq: 11471
  • CVE: CVE-2004-0940

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.