Re: Apache mod_ssl off-by-one vulnerability

From: Jedi/Sector One (j@pureftpd.org)
Date: 06/29/02

• Previous message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"
• In reply to: Ken.Williams@ey.com: "Re: Apache mod_ssl off-by-one vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 29 Jun 2002 08:55:37 +0200
From: Jedi/Sector One <j@pureftpd.org>
To: Ken.Williams@ey.com

On Thu, Jun 27, 2002 at 04:32:32PM -0500, Ken.Williams@ey.com wrote:
> i downloaded mod_ssl-2.8.9-1.3.26 from the modssl.org archive and verified
> that it does have the off-by-one error, so it appears that there was a mistake
> in the vulnerability advisory.

  Yes, there was a typo.
  
  All versions < 2.8.10 are affected.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/     Secure FTP Server     \' /
  \/   Misc. free software   \/

---

• Previous message: DownBload: "SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)"
• In reply to: Ken.Williams@ey.com: "Re: Apache mod_ssl off-by-one vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-06