Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 00:15:00 PDT

  • Next message: Jedi/Sector One: "Re: Another flaw in Apache?"

      Further investigation show that the flaw is not in Apache itself, but in
    mod_ssl, so it's probably not an OpenBSD-specific bug. It's just not
    triggered on systems where mod_ssl isn't compiled in.
    
      The overflow is the ssl_compat_directive() function in
    src/modules/ssl/ssl_engine_compat.c .
    
    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 08:49:00 PDT