Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] Apache update
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Tue, 18 Jun 2002 10:34:43 +0200
  • Message-id: <20020618103443.E5120@xxxxxxxxx>
* bliss@xxxxxxxxx wrote on Tue, Jun 18, 2002 at 04:26 +0000:
> I am not certain if this is the exploit you are talking
> about. There was no link included in the email which you
> sent. But, the XForce email announcing an exploit
> (assumed to be what you are talking about here,
> specifically states:
>
> > > X-Force has verified that this issue is exploitable
> > > on Apache for
> > > Windows (Win32) version 1.3.24. Apache 1.x for Unix
> > > contains the same
> > > source code, but X-Force believes that successful
> > > exploitation on most
> > > Unix platforms is unlikely.
>
> So, if this is the vulnerability which you are talking
> about, then the reporting group states that it is
> probably not a problem on Unix (which would include SuSE
> Linux).

Well, in the Apache group's advisory, Mark J Cox stated it a
little different and said the patch supplied by IIS wouldn't
prevent it.

BTW, I really wonder about this one, gcc should warn if someone
compare signed with unsigned I though...

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References