On Sat, 28 Jan 2006 13:56:50 +0100, Florian Weimer wrote:
> * Nick Boyce:
>
> > From this I infer that mod_auth_ldap for Debian-packaged Apache 2 must
> > be included with the main Debian Apache packages, and that no
> > libapache(2)-auth-ldap package is required - and that I therefore need
> > fixed Apache 2 packages. Is this so?
>
> Apache 2 comes with its own LDAP module, which may have shared a
> common code base once (the Dave Carrigan is listed as author, too),
> but the vulnerable function is not present in version 2.0.55-4. I
> haven't looked at other versions.

Ah .. that's good to know. Thanks a lot for looking into it.

I had looked around for Apache "mod/auth/ldap" modules when originally setting the server up, and found there are several alternatives on the Net by different authors. Without looking at any of the source code I guessed for some reason that the mod_auth_ldap packaged with Apache 1.3.x was the one by Muhammad A Muquit, who's also written a version for Apache 2.

I'd better get the source deb for 2.0.54 and have a quick look.

Cheers,
Nick Boyce
Bristol, UK
--
It's always darkest just before you step on the cat.