Re: Apache mod_ssl off-by-one vulnerability

From: Jedi/Sector One (jat_private)
Date: Fri Jun 28 2002 - 23:55:37 PDT

Next message: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."

Previous message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"
In reply to: Ken.Williamsat_private: "Re: Apache mod_ssl off-by-one vulnerability"
Next in thread: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."
Reply: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 27, 2002 at 04:32:32PM -0500, Ken.Williamsat_private wrote:
> i downloaded mod_ssl-2.8.9-1.3.26 from the modssl.org archive and verified
> that it does have the off-by-one error, so it appears that there was a mistake
> in the vulnerability advisory.

  Yes, there was a typo. 
  
  All versions < 2.8.10 are affected.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Next message: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."
Previous message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"
In reply to: Ken.Williamsat_private: "Re: Apache mod_ssl off-by-one vulnerability"
Next in thread: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."
Reply: John Thornton: "Simple Wais 1.11 allows users to execute commands as SWAIS deamon."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 29 2002 - 10:12:11 PDT