Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 00:15:00 PDT

Next message: Jedi/Sector One: "Re: Another flaw in Apache?"

Previous message: Jedi/Sector One: "Re: Another flaw in Apache?"
In reply to: Alexander Yurchenko: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  Further investigation show that the flaw is not in Apache itself, but in
mod_ssl, so it's probably not an OpenBSD-specific bug. It's just not
triggered on systems where mod_ssl isn't compiled in.

  The overflow is the ssl_compat_directive() function in
src/modules/ssl/ssl_engine_compat.c .

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Next message: Jedi/Sector One: "Re: Another flaw in Apache?"
Previous message: Jedi/Sector One: "Re: Another flaw in Apache?"
In reply to: Alexander Yurchenko: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 08:49:00 PDT