[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache Web Server Chunk HandlingVulnerability
- Subject: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache Web Server Chunk HandlingVulnerability
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Fri Jun 21 13:50:05 2002
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
JL> Date: Wed, 19 Jun 2002 12:26:10 -0700
JL> From: Jeff Lasman
JL> This vulnerability does NOT appear to affect Cobalt RaQs...
JL> keep reading...
It _does_ affect RaQs, and just as badly as I feared it might,
but didn't have time to dig through source myself. If you can
overrun the buffer without segfaulting, you're SOL.
Heh. I certainly took a beating with people telling me to read
the advisory on -users, though. :-\ Sometimes it helps to read
between the lines and try thinking evilly...
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.