Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
In article <[EMAIL PROTECTED]> you wrote: > If I'm not mistaken the vulnerabilities existed in two files found in > apache-common. Does anybody know why the Vuln is classified as a remote exploit? Arent SSI tags dependend on local modifications? Or are there tags which can be remote exploited, if used. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
Quoting Steve Suehring <[EMAIL PROTECTED]>: > If I'm not mistaken the vulnerabilities existed in two files found in > apache-common. Since apache-common is a prerequisite for apache-ssl, > updating apache-common should correct the vulnerability. I could be > wrong and I'm sure someone will correct me if I am. :) You are correct. The files are /usr/bin/htpasswd and /usr/lib/apache/1.3/mod_include.so. Both are indeed in apache-common. Otherwise, the apache-perl package might be affected too. Not only apache-ssl. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity| | Home for Badgers with Rabies.Michael Lucas | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: any DSA for CAN-2004-0930
Hi Rolf, "Wed, 17 Nov 2004 11:35:01 +0100", "Rolf Kutz" "Re: any DSA for CAN-2004-0930" >> How about CAN-2004-0600 and CAN-2004-0686 for samba in stable? > >There is no Samba3 in stable. OK, I know that, stable version is Samba 2.2.3a based one, not 3.0.x. And upstream said all of support for 2.2.x is terminated in 31th Oct, but CAN-2004-0600 and CAN-2004-0686 published in July...about 4 mouths ago. Debian Samba package in stable would be affected, I think, but no DSA is published. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838 Why? -- Regards, Hideki Yamane Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]