000021369 - mod_ssl contains a format string vulnerability in the ssl_log() function in RSA Keon Certificate Authority 6.5.1

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021369
Applies To: US-CERT Vulnerability Note VU#303448
SecurityTracker Alert ID: 1010717
Secunia Advisory: SA12077
Keon Certificate Authority 6.5.1
Issue: mod_ssl contains a format string vulnerability in the ssl_log() function in RSA Keon Certificate Authority 6.5.1
Cause: There is a format string vulnerability in the ssl_log() function of the mod_ssl module that could allow an attacker to execute arbitrary code.
Resolution: This issue is resolved in an RSA Keon Certificate Authority patch, available as KCA 6.5.1 hot fix build234, a drop-in patch to the product. The patch is available from RSA Security Customer Support.
Legacy Article ID: a22922