FW: FLAWS FOUND IN APACHE

2002-06-18 Thread Vikramjit Singh
Hi everyone, this mail was sent by my boss regarding flaws found in Apache. Could anyone throw some light on this?
Regards, Vikramjit Singh, Systems Engineer, GTL Ltd. Ph. 7612929-1031
> -Original Message-
> From: Chandrashekar Rao Kuthyar
> Sent: Tuesday, June 18,

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Nikola Milutinovic
> this mail is sent by my boss regarding flaws found in apache. Could anyone
> throw some light on this.
CERT reported yesterday that all current and recent versions of Apache using the HTTP/1.1 protocol have a buffer overflow bug. The bug is activated through maliciously crafted HT

RE: FLAWS FOUND IN APACHE

2002-06-18 Thread Vikramjit Singh
Could you send the link for the article?
Regards, Vikramjit Singh, Systems Engineer, GTL Ltd. Ph. 7612929-1031
-Original Message-
From: Nikola Milutinovic [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 10:06 PM
To: Tomcat Users List
Subject: Re: FLAWS FOUND IN APACHE
> t

RE: FLAWS FOUND IN APACHE

2002-06-18 Thread Chakradhar Tallam
http://www.cert.org/advisories/CA-2002-17.html
-Original Message-
From: Vikramjit Singh [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 19 June 2002 3:09 PM
To: 'Tomcat Users List'
Subject: RE: FLAWS FOUND IN APACHE
could you send the link for the article. Regards, Vikra

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Joe Tomcat
It sounds to me like the only people who need to worry are those who run the affected versions on Windows * and on 64 bit systems. For most of us who run on 32 bit systems on Linux/*BSD/Unix, we don't need to worry, right?

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Nikola Milutinovic
> It sounds to me like the only people who need to worry are those who run the
> affected versions on Windows * and on 64 bit systems. For most of us who run
> on 32 bit systems on Linux/*BSD/Unix, we don't need to worry, right?
Not exactly. The bug has been reproduced on Windows and some

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Nikola Milutinovic
> > It sounds to me like the only people who need to worry are those who run the
> > affected versions on Windows * and on 64 bit systems. For most of us who run
> > on 32 bit systems on Linux/*BSD/Unix, we don't need to worry, right?
>
> Not exactly. The bug has been reproduced on Windows

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Joel Rees
Nikola Milutinovic iwaku,
> Anyway, a buffer overflow always adds a question mark, so until there is a new
> Apache release, be on the lookout.
I think the httpd.apache pages show an update already available (1.3.26/2.0.39). Am I mis-reading that? (ISS's patch is said to be insufficient.)
--

Re: FLAWS FOUND IN APACHE

2002-06-18 Thread Nikola Milutinovic
> I think the httpd.apache pages show an update already available
> (1.3.26/2.0.39). Am I mis-reading that?
I'm downloading it as we speak.
Nix.

RE: FLAWS FOUND IN APACHE

2002-06-19 Thread Tomasz . Ciolek
> For versions 1.3.x this bug allows the attacker to execute
> arbitrary code on the attacked machine.
On 64 bit architectures only. Please read the apache.org advisory...

Re: FLAWS FOUND IN APACHE

2002-06-19 Thread Nikola Milutinovic
> > For versions 1.3.x this bug allows the attacker to execute
> > arbitrary code on the attacked machine.
>
> On 64 bit architectures only. Please read the apache.org advisory...
True, my mistake. However, on 32-bit platforms, 1.3.x will segfault, so you still have a DoS attack. People s