[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache WebServer Chunk HandlingVulnerability
- Subject: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-17 Apache WebServer Chunk HandlingVulnerability
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sat Jun 22 09:42:01 2002
- Organization: nobaloney.net
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
"William L. Thomson Jr." wrote:
> > Our systems are neither running Windows nor are they running 64-bit unix
> > or linux.
> >
> > I got a kick out of this paragraph:
>
> Yes, but did you read
> http://httpd.apache.org/info/security_bulletin_20020617.txt
>
> Which states
>
> In Apache 1.3 the issue causes a stack overflow. Due to the nature of
> the
> overflow on 32-bit Unix platforms this will cause a segmentation
> violation
> and the child will terminate.
Yes, I did, but not until after I made my reply. I still don't feel
this is as big an issue on our RaQs than it is on some other platforms,
and I don't know of any actual exploits out for it, but I agree with
you, yes, I do want to see a patch for our RaQs.
I'm not replying to the rest of your excellent post because I feel the
above paragraph presents my answer to the entire post <smile>.
Thanks for giving me the chance to clarify.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA 92517
voice: +1 909 778-9980 * fax: +1 909 548-9484