Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Apache patch sufficient?
----- Original Message -----
From: "Alan Rouse" <ARouse@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, June 20, 2002 5:30 PM
Subject: RE: [suse-security] SuSE Apache patch sufficient?


> If you read the comments in the .c file, you will see their claim that
> they have exploited this under linux.
...
> So either they are bluffing or the eploit does exist. I prefer not to
> assume the former. And I don't exactly consider these folks a trusted
> third party.

you're right - this also confused me. I guess they are bluffing...
So I tried it against different systems and it did'nt work. I tested it
against
- Debian 2.2 with apache 1.3.24
- Mandrake 7.2 with apache 1.3.20
- SuSE 8.0 with apache 1.3.23

none of them were exploitable - all of them have 1.3.26 now.

cheers,
Andreas




< Previous Next >
Follow Ups
References