Intrusion Prevention

Apache.mod_ssl.ssl_util_uuencode_binary.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Apache mod_ssl.
The "ssl_util_uuencode_binary" function in "ssl_util.c" for Apache mod_ssl has a stack-based buffer overflow vulnerability. A remote attacker can execute arbitrary code on a vulnerable system via a client certificate with a long subject DN.

Affected Products

mod_ssl 2.8.16 and prior.

Impact

System compromise: remote code execution.

Recommended Actions

Upgrade to the latest version, available from the following web site:
http://www.apache.org/
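
To find hosts that still need this upgrade, the following added example (not part of the original advisory) compares Server banners against the "mod_ssl 2.8.16 and prior" range stated above. The host names and banner strings are constructed samples, and the restriction to Apache 1.3 banners is an assumption, since the standalone mod_ssl 2.8.x numbering belongs to that series.

```python
import re

# Highest affected release per the advisory text: "mod_ssl 2.8.16 and prior".
LAST_AFFECTED = (2, 8, 16)

# Product tokens of interest in a Server header, e.g. "mod_ssl/2.8.16".
TOKEN = re.compile(r"\b(Apache|mod_ssl)/(\d+(?:\.\d+)*)")


def _ver(text):
    """Turn '2.8.16' into (2, 8, 16) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def classify_banner(banner):
    """Return 'affected', 'not-listed' or 'unknown' for one Server header value."""
    found = {name: _ver(version) for name, version in TOKEN.findall(banner)}
    apache, mod_ssl = found.get("Apache"), found.get("mod_ssl")
    if mod_ssl is None:
        return "unknown"  # banner trimmed or module absent: check the host itself
    # Assumption: only Apache 1.3 banners carry the standalone mod_ssl 2.8.x
    # numbering; other series report a different scheme, so do not compare them.
    if apache is None or apache[:2] != (1, 3):
        return "unknown"
    return "affected" if mod_ssl <= LAST_AFFECTED else "not-listed"


def audit(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify_banner(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "web1.example.test": "Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7c",
    "web2.example.test": "Apache/1.3.31 (Unix) mod_ssl/2.8.18 OpenSSL/0.9.7d",
    "web3.example.test": "Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7a",
    "web4.example.test": "Apache",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{status}")
```

A banner is only a hint: vendors backport fixes without changing the reported version, so confirm "affected" and "unknown" results against the installed package on the host.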

CVE References

CVE-2004-0488