----- Original Message ----- From: "Alan Rouse" <ARouse@n2bb.com> To: <suse-security@suse.com> Sent: Thursday, June 20, 2002 5:30 PM Subject: RE: [suse-security] SuSE Apache patch sufficient?
If you read the comments in the .c file, you will see their claim that they have exploited this under linux. ... So either they are bluffing or the eploit does exist. I prefer not to assume the former. And I don't exactly consider these folks a trusted third party.
you're right - this also confused me. I guess they are bluffing... So I tried it against different systems and it did'nt work. I tested it against - Debian 2.2 with apache 1.3.24 - Mandrake 7.2 with apache 1.3.20 - SuSE 8.0 with apache 1.3.23 none of them were exploitable - all of them have 1.3.26 now. cheers, Andreas