[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Security Apache 1.x

Subject: Re: [cobalt-security] Security Apache 1.x
From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Jun 2002 15:03:58 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> >Any pach for Cobalt?
> I do believe you will find that this is a problem with apache on windows
> and 64bit unix.

According to the Apache security bulletin[1] this problem does affect
32bit platforms:

	"In Apache 1.3 the issue causes a stack overflow.  Due to the
	nature of the overflow on 32-bit Unix platforms this will cause a
	segmentation violation and the child will terminate"

As the release points out, it doesn't seem that this allows remote code
execution, but it does make for an easy DOS attack.

Regards,

John

[1] http://httpd.apache.org/info/security_bulletin_20020617.txt

References:
- Re: [cobalt-security] Security Apache 1.x
  - From: David Lucas

Prev by Date: Re: [cobalt-security] new bind exploit?
Next by Date: [cobalt-security] Security Apache 1.x
Previous by thread: Re: [cobalt-security] Security Apache 1.x
Next by thread: Re: [cobalt-security] Security Apache 1.x

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index