[25978] in bugtraq


Re: Apache mod_ssl off-by-one vulnerability

daemon@ATHENA.MIT.EDU (H D Moore)
Thu Jun 27 19:18:32 2002

Content-Type: text/plain;
  charset="iso-8859-1"
From: H D Moore <sflist@digitaloffense.net>
To: Jedi/Sector One <j@pureftpd.org>, bugtraq@securityfocus.com
Date: Wed, 26 Jun 2002 21:46:12 -0500
In-Reply-To: <20020624204709.GA21212@c9x.org>
MIME-Version: 1.0
Message-Id: <200206262146.12892.sflist@digitaloffense.net>
Content-Transfer-Encoding: 8bit

Just to confirm, the bug exists in 2.8.9 and earlier? The first part of the 
advisory mentions 2.4.9, so a casual reader may assume they are unaffected if 
they don't read all the way to the bottom...

On Monday 24 June 2002 15:47, Jedi/Sector One wrote:
> Product: mod_ssl - http://www.modssl.org/
> Date: 06/24/2002
> Summary: Off-by-one in mod_ssl 2.4.9 and earlier

 [ snip ]

> The mod_ssl development team was very reactive and a new version has just
> been released. mod_ssl 2.8.10 addresses the vulnerability and it is
> freely available from http://www.modssl.org/ . Upgrading from an earlier
> release is painless.

