GLSA: mod_ssl

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 10/27/02

• Previous message: 3APA3A: "Re[2]: IPSwitch, Inc. WS_FTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Daniel Ahlberg <aliz@gentoo.org>
Date: Sun, 27 Oct 2002 02:38:04 +0200
To: bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-009
- - --------------------------------------------------------------------

PACKAGE : mod_ssl
SUMMARY : cross site scripting
DATE    : 2002-10-27 00:40 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9
and earlier, when UseCanonicalName is off and wildcard DNS is enabled,
allows remote attackers to execute script as other web site visitors,
via the server name in an HTTPS response on the SSL port, which is used
in a self-referencing URL.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/mod_ssl-2.8.11 and earlier update their systems as follows:

emerge rsync
emerge mod_ssl
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9uzVqfT7nyhUpoZMRAt2JAKC3lguQrRSwDKcDdtUL4042aHwWKACdHblk
UEB8oAlG58KkmP0LXt2YJ1I=
=E/JR
-----END PGP SIGNATURE-----

---

• Previous message: 3APA3A: "Re[2]: IPSwitch, Inc. WS_FTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [Full-Disclosure] GLSA: mod_ssl ... SUMMARY: cross site scripting ... Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ... allows remote attackers to execute script as other web site visitors, ... It is recommended that all Gentoo Linux users who are running ... (Full-Disclosure) Re: Printer Admin Object ... Thanks but what I'm looking for is info on the printer admin object on the ... > and ports on local and remote computers. ... > Add and delete a local or remote printer. ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ... (microsoft.public.scripting.vbscript) Re: Printer Admin Object ... and ports on local and remote computers. ... Add and delete a local or remote printer. ... Instrumentation scripts in Windows Server 2003, ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ... (microsoft.public.scripting.vbscript) Re: Shutdown remote server ... > How can I do a clean shut down of a remote server with VBScript? ... If you run it without any input arguments, it will reboot ... Const EWX_SHUTDOWN = 1 ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ... (microsoft.public.scripting.vbscript) Re: Script needed: Users with Remote Access permissions on a server ... Remote Access permissions on a server? ... Microsoft's "Scripting guy" archive has a script that lists all users with ... I need to query a particular server or list of servers. ... Microsoft MVP Scripting and ADSI ... (microsoft.public.scripting.vbscript)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-10