[26015] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Apache mod_ssl off-by-one vulnerability

daemon@ATHENA.MIT.EDU (Jedi/Sector One)
Sat Jun 29 13:18:26 2002

Date: Sat, 29 Jun 2002 08:55:37 +0200
From: Jedi/Sector One <j@pureftpd.org>
To: Ken.Williams@ey.com
Cc: bugtraq@securityfocus.com
Message-ID: <20020629065559.GA22344@c9x.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <OF178B4BAF.29ACDF01-ON86256BE5.0075BEC5@ey.com>

On Thu, Jun 27, 2002 at 04:32:32PM -0500, Ken.Williams@ey.com wrote:
> i downloaded mod_ssl-2.8.9-1.3.26 from the modssl.org archive and verified
> that it does have the off-by-one error, so it appears that there was a mistake
> in the vulnerability advisory.

  Yes, there was a typo. 
  
  All versions < 2.8.10 are affected.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[26015] in bugtraq

Re: Apache mod_ssl off-by-one vulnerability

daemon@ATHENA.MIT.EDU (Jedi/Sector One)Sat Jun 29 13:18:26 2002

daemon@ATHENA.MIT.EDU (Jedi/Sector One)
Sat Jun 29 13:18:26 2002