* bliss@attbi.com wrote on Tue, Jun 18, 2002 at 04:26 +0000:
I am not certain if this is the exploit you are talking about. There was no link included in the email which you sent. But, the XForce email announcing an exploit (assumed to be what you are talking about here, specifically states:
X-Force has verified that this issue is exploitable on Apache for Windows (Win32) version 1.3.24. Apache 1.x for Unix contains the same source code, but X-Force believes that successful exploitation on most Unix platforms is unlikely.
So, if this is the vulnerability which you are talking about, then the reporting group states that it is probably not a problem on Unix (which would include SuSE Linux).
Well, in the Apache group's advisory, Mark J Cox stated it a little different and said the patch supplied by IIS wouldn't prevent it. BTW, I really wonder about this one, gcc should warn if someone compare signed with unsigned I though... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.