FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1268

This CVE name corresponds to:

Entered Topic
2005-09-17 apache -- Certificate Revocation List (CRL) off-by-one vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-1268
Phase Assigned (20050425)

Description

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

References

Source Reference
MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163013
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
DEBIAN DSA-805
HP HPSBUX02074
HP SSRT051251
MANDRAKE MDKSA-2005:129
REDHAT RHSA-2005:582
SUNALERT 102198
SUSE SUSE-SA:2005:046
SUSE SUSE-SR:2005:018
TRUSTIX TSLSA-2005-0059
BID 14366
OVAL oval:org.mitre.oval:def:9589
VUPEN ADV-2006-0789
OVAL oval:org.mitre.oval:def:1346
OVAL oval:org.mitre.oval:def:1714
OVAL oval:org.mitre.oval:def:1747
SECUNIA 19072
SECUNIA 19185
SREASON 604