Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Alan Rouse (ARousen2bb.com)
Date: Thu Jun 20 2002 - 11:04:18 CDT
> So, why should they bring out a fixed version, if there were not a
> _potential_ exploit? Remote root will not be, because apache doesn't
> as root, but wwwrun might be. I don't see the point of this
> There was a bug, there is a fix. SuSE did a great and fast job.
SuSE did not claim to have fixed a remote root exploit. They claimed to
have fixed a DDOS. They specifically stated that the bug they addressed
could not be used to inject code and gain access to the machine. That
doesn't make me very confident that their patch addresses the newly
disclosed problem (which specifically DOES inject code and gain access
to the machine).
-- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here