There seems to be a presumption that we are safe until proven otherwise,
despite indications to the contrary. That worries me.

In case you missed it, you should read this:

http://online.securityfocus.com/archive/1/278446/2002-06-23/2002-06-29/0

(Possibly exploited on linux / intel in April). Keep in mind also that
gobbles claims to have exploited linux.

-----Original Message-----
From: Roman Dorr [mailto:rdotro.net]
Sent: Wednesday, July 03, 2002 4:20 AM
To: suse-securitysuse.com
Subject: RE: [suse-security] Gobbles Apache Exploit

Hi,

afaik the exploit is targeted vs. *BSD Systems.
Running it against our Apache's "only" resulted
in higher load and error logs filling up.

This potential DoS was still possible even with
the latest Apache version though, so I wouldn't
expect any update helping here.

with kind regards,

Roman Doerr

> -----Original Message-----
> From: Patrik Breitenmoser [mailto:pbreitenmoserfestland.ch]
> Sent: Wednesday, July 03, 2002 10:03 AM
> To: suse-securitysuse.com
> Subject: [suse-security] Gobbles Apache Exploit
>
>
>
> Hi,
>
> I was just wondering if my patched apache on suse 7.3 is save against
that
> exploit.
>
> regards
> Patrik
>
>
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com
> Security-related bug reports go to securitysuse.de, not here
>

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]