
Re: [cobalt-security] Recompiling SSH / Apache [was Significant OpenSSH Vulnerability ??]



Hi Jelmer,

> I by the way did install OpenSSL 0.9.6d, assuming
> backward compatibility of the libs. Nothing broke just now.

I have some mixed experiences with swapping out OpenSSL entirely, but it's 
good if it works for you.

> As for frontpage, I did not know it needed some software support. I thought
> it was just adding the right dirs and use some <limit PUT> stuff?

There are several implementations for Frontpage available from various sources. 
They all more or less come in the form of a patch which you run against the 
Apache source code with the correct version number. 

> From a security viewpoint: Adminserver can run perfectly on apache 1.3.20
> with the view blowchunks <perl></perl> lines added to the conf. 

Yes, that's correct. But the Admin server uses the same libraries and modules 
as the regular Apache. Just the config files and the executable are 
different. So when you install a newer Apache in the same place as the public 
webserver and leave the Adminserver unchanged, then the Adminserver will 
break due to the changed libraries and modules.

> BTW: I seem to have lost the abiliy to spell the word necessairy correctly.
> Any hints?

Although my English is quite good, "necessary" is among the words which I often 
write wrong, too.  But let's not stray too far into open topics here. ;o)

-- 

With best regards

Michael Stauber