Re: [cobalt-users] [RaQ4] FYI: Apache & SSL Update 2.0.1



> Gerald Waugh wrote:
>
> >   Someone said it's using a patched openssl-0.9.2b
> >   Why they keep patching these old versions of software is beyond me.
> >   Must be that all the other cobalt specific stuff gets in the way.
> >
> >   Waiting for confirmation!!!
>
> That someone was wrong. They didn't even bother patching openssl. .pkg files
> are nothing more than glorified .tgz files. A
>
>   tar -zxvf RaQ4-All-Security-2.0.1-2-15787.pkg
>
> reveals that they've just packaged a Stackguarded version of apache-1.3.20
> (hopefully they used the version that they patched against the Chunk
> Handling Vulnerability, wouldn't want to be vulnerable to that again). We
> waited a month for another band-aid that they forgot to put the sticky stuff
> on.
>

There's a free tool to check this from
http://www.eeye.com/html/Research/Tools/RetinaApacheChunked.exe