CVE-2005-1268 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-1268
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-1268

Description: Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

CVE Status: Candidate

References: TRUSTIX http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html SUSE http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_46_apache.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 SREASON http://securityreason.com/securityalert/604 SAID Secunia Advisory: SA19072 Secunia Advisory: SA19185 REDHAT http://rhn.redhat.com/errata/RHSA-2005-582.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1714 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1346 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1747 MISC MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 HP http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded DEBIAN http://www.debian.org/security/2005/dsa-805 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm BID 14366

Return to the previous page.