Bugtraq mailing list archives
Re: Apache mod_ssl off-by-one vulnerability
From: Jedi/Sector One <j () pureftpd org>
Date: Sat, 29 Jun 2002 08:55:37 +0200
On Thu, Jun 27, 2002 at 04:32:32PM -0500, Ken.Williams () ey com wrote:
i downloaded mod_ssl-2.8.9-1.3.26 from the modssl.org archive and verified that it does have the off-by-one error, so it appears that there was a mistake in the vulnerability advisory.
Yes, there was a typo. All versions < 2.8.10 are affected. -- __ /*- Frank DENIS (Jedi/Sector One) <j () 42-Networks Com> -*\ __ \ '/ <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a> \' / \/ <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a> \/
Current thread:
- Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 26)
- Re: Apache mod_ssl off-by-one vulnerability H D Moore (Jun 27)
- <Possible follow-ups>
- Re: Apache mod_ssl off-by-one vulnerability Ken . Williams (Jun 28)
- Re: Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 29)