From: Alan Rouse (ARousen2bb.com)
Date: Thu Jun 20 2002 - 11:04:18 CDT


    > So, why should they bring out a fixed version, if there were not a
    > _potential_ exploit? Remote root will not be, because apache doesn't run
    > as root, but wwwrun might be. I don't see the point of this discussion.
    > There was a bug, there is a fix. SuSE did a great and fast job.

    SuSE did not claim to have fixed a remote root exploit. They claimed to
    have fixed a DDOS. They specifically stated that the bug they addressed
    could not be used to inject code and gain access to the machine. That
    doesn't make me very confident that their patch addresses the newly
    disclosed problem (which specifically DOES inject code and gain access
    to the machine).
