Mailinglist Archive: opensuse-security (499 mails)

RE: [suse-security] SuSE Apache patch sufficient?
We've run this code against a few GNU/Linux servers running Apache
versions prior to the fix...

In all cases it caused Apache child processes to seg fault.

In no cases was any exploit code executed, or parent processes killed.

> If you read the comments in the .c file, you will see their claim that
> they have exploited this under linux. Quoting below:
> * However, contrary to what ISS would have you believe, we have
> * successfully exploited this hole on the following operating systems:
> * Linux (GNU) 2.4 (x86)
> So either they are bluffing or the exploit does exist. I prefer not to
> assume the former. And I don't exactly consider these folks a trusted
> third party.
James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc
james.ogley@xxxxxxxxxxxxxx +44 (0) 20 8731 3619
Using Free Software since 1994, running GNU/Linux (SuSE 8.0)
Updated GNOME RPMs for SuSE Linux:
