Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
RE: [suse-security] SuSE Apache patch sufficient?
  • From: "Alan Rouse" <ARouse@xxxxxxxx>
  • Date: Thu, 20 Jun 2002 11:30:35 -0400
  • Message-id: <382BC0C28F397F4785E7414B8279F5271B52EB@xxxxxxxxxxxxxxxxxxxxxxx>
>> However, the exploit posted this morning on vulnwatch indicates that
>> such an exploit exists against Linux.
>
> Again:
> No, the exploit posted on vulnwatch this morning works agains xBSD
> only.

If you read the comments in the .c file, you will see their claim that
they have exploited this under linux. Quoting below:

* However, contrary to what ISS would have you believe, we have
* successfully exploited this hole on the following operating systems:
*
* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)

So either they are bluffing or the eploit does exist. I prefer not to
assume the former. And I don't exactly consider these folks a trusted
third party.

< Previous Next >