Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
SuSE Apache patch sufficient?
  • From: "Alan Rouse" <ARouse@xxxxxxxx>
  • Date: Thu, 20 Jun 2002 10:54:16 -0400
  • Message-id: <382BC0C28F397F4785E7414B8279F5271B52EA@xxxxxxxxxxxxxxxxxxxxxxx>
Yesterday's SuSE advisory (Apache chunk handling) indicates their belief
that:


On 32bit architectures, this overflow cannot be exploited to inject
code into the httpd process and gain access to the machine, because
the overflow will always result in a segmentation fault, and the
process will terminate.


However, the exploit posted this morning on vulnwatch indicates that
such an exploit exists against Linux. This makes me wonder whether the
SuSE patch is sufficient. (If they did not fully understand the threat,
have they actually addressed it?)



What is the official SuSE answer to this question?



Thank you.

< Previous Next >
Follow Ups