Vulnerability Development mailing list archives
Re: Another flaw in Apache?
From: Jedi/Sector One <j () pureftpd org>
Date: Sun, 23 Jun 2002 09:15:00 +0200
Further investigation show that the flaw is not in Apache itself, but in mod_ssl, so it's probably not an OpenBSD-specific bug. It's just not triggered on systems where mod_ssl isn't compiled in. The overflow is the ssl_compat_directive() function in src/modules/ssl/ssl_engine_compat.c . -- __ /*- Frank DENIS (Jedi/Sector One) <j () 42-Networks Com> -*\ __ \ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' / \/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
Current thread:
- Re: Another flaw in Apache?, (continued)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Message not available
- Re: Another flaw in Apache? Filipe Almeida (Jun 23)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? sd (Jun 26)