Published: 15/03/2002 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 766
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The dbm and shm session cache code in mod_ssl prior to 2.8.7-1.3.23, and Apache-SSL prior to 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Affected Products

Vendor | Product | Versions
Apache-ssl | Apache-ssl | 1.40, 1.41, 1.42, 1.44, 1.45, 1.46
Mod Ssl | Mod Ssl | 2.7.1, 2.8, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6

Vendor Advisories

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl. With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server must be configured to require client certificates, an ...


/* * E-DB Note: Updating OpenFuck Exploit ~ paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/ * * OF version r00t VERY PRIV8 spabam * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto * objdump -R /usr/sbin/httpd|grep free to get more targets * #hackarena irc.brasnet.org */ #include <arpa/inet.h> #include <netinet ...
/* * OF version r00t VERY PRIV8 spabam * Version: v304 * Requirements: libssl-dev * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto * objdump -R /usr/sbin/httpd|grep free to get more targets * #hackarena irc.brasnet.org * Note: if required, host ptrace and replace wget target */ #include <arpa/inet.h> #include <netinet/in.h> ...
/* source: www.securityfocus.com/bid/5363/info A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability to execute arbitrary code as the vulnerable server ...

Github Repositories

Recon: Using the netdiscover tool, the IP address 1921681138 of the kioptrix virtual machine was identified. root@kali:~#netdiscover -i eth0 -r 19216810/24 Currently scanning: Finished! | Screen View: Unique Hosts 100 Captured ARP Req/Rep packets, from 18 hosts Total size: 6000

Exploits: Public exploits modifications
CVE-2002-0082 Apache mod_ssl < 2.8.7 OpenSSL - OpenFuckV2.c Remote Buffer Overflow: Fixes compilation errors
CVE-2009-3103 Remote Code Execution via "SMBv2 Negotiation Vulnerability": Fixes compilation errors
CVE-2017-0143 aka MS17-010 Remote Code Execution vulnerability in Microsoft SMBv1: Fixes compilation errors
CVE-2003-