Re: [suse-security] Apache update
* bliss@attbi.com wrote on Tue, Jun 18, 2002 at 04:26 +0000:
I am not certain if this is the exploit you are talking about. There was no link included in the email which you sent.
No, sorry about that. I did mention the Slashdot story however, which is still in the "current" queue. But, the XForce email announcing an exploit (assumed to be what you are talking about here), specifically states:
X-Force has verified that this issue is exploitable on Apache for Windows (Win32) version 1.3.24. Apache 1.x for Unix contains the same source code, but X-Force believes that successful exploitation on most Unix platforms is unlikely.
So, if this is the vulnerability which you are talking about, then the reporting group states that it is probably not a problem on Unix (which would include SuSE Linux).
Well, in the Apache group's advisory, Mark J Cox stated it a little differently and said the patch supplied by IIS wouldn't prevent it.
That is also what I have read. In either case, the flaw, if viable for SuSE Linux distributed versions, still seems to have the possibility of killing child instances. This means forking() another eventually. A possible denial of service is much better than the alternative here though. Hope this is all there is to it.
participants (1): ts