Re: FreeBSD Security Notice FreeBSD-SN-02:01

From: Barney Wolff (barney@databus.com)
Date: 04/06/02

Next message: ozkan_kirik: "NAT question."
Previous message: N. J. Cash: "Re: Abit different ping problem :("
Maybe in reply to: FreeBSD Security Advisories: "FreeBSD Security Notice FreeBSD-SN-02:01"
Next in thread: Jacques A. Vidrine: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Reply: Jacques A. Vidrine: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Reply: Kurt Seifried: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 6 Apr 2002 14:32:43 -0500
From: Barney Wolff <barney@databus.com>
To: security@FreeBSD.ORG

I don't understand the status of "Not yet fixed." The advisory says
mod_ssl versions < 2.8.7 have the bug, while 2.8.8 is the port
distfile as of 3/28/02. What am I missing?

On Fri, Apr 05, 2002 at 07:12:24AM -0800, FreeBSD Security Advisories wrote:
> +------------------------------------------------------------------------+
> Port name: apache13-ssl, apache13-modssl
> Affected: all versions of apache+ssl
> all versions of apache+mod_ssl
> Status: Not yet fixed.
> Buffer overflows in SSL session cache handling.
> <URL:http://www.apache-ssl.org/advisory-20020301.txt>
> <URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>

-- 
Barney Wolff
I never met a computer I didn't like.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: ozkan_kirik: "NAT question."
Previous message: N. J. Cash: "Re: Abit different ping problem :("
Maybe in reply to: FreeBSD Security Advisories: "FreeBSD Security Notice FreeBSD-SN-02:01"
Next in thread: Jacques A. Vidrine: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Reply: Jacques A. Vidrine: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Reply: Kurt Seifried: "Re: FreeBSD Security Notice FreeBSD-SN-02:01"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

fat32 corruption
... The bug was written against 4.6 but it does not ... slot 31 INTC routed to irq 23 ... <Parallel port bus> on ppc0 ... can't assign resources ...
(freebsd-questions)
Re: Address book grabbing, and Printer out of Paper
... > more frequent AV runs for possible detection. ... > that plug into the parallel port. ... > - How can I detect/resolve this address book grabber bug that seems to ... > Ken Burgess ...
(microsoft.public.security)
[Full-disclosure] Solaris Socket Hijack - solsockjack.c
... Hijack Bug ... Solaris has a bug in the use of SO_REUSEADDR in that the Kernel favours any ... a work around could be setting the port numbers that are valuable to ... usage(int argc, char **argv) ...
(Full-Disclosure)
[UNIX] Solaris Socket Hijack Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... By binding a socket with an already binded port number of specific IP ... attackers can hijack an already binded sockets in Solaris. ... A bug with Solaris Kernel flag of SO_REUSEADDR cause the Kernel to accept ...
(Securiteam)
[NEWS] LG Electronics LG3100p Router Multiple Security Issues (DoS)
... Release 1.50 is vulnerable only to first and third bug. ... When configured without access lists protecting port 23, ... First is exploitable without any access to user account on the router. ... The vendor representative was informed about the vulnerabilities on ...
(Securiteam)