[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] openssl exploitable still?
- Subject: Re: [cobalt-security] openssl exploitable still?
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Tue, 17 Feb 2004 23:11:11 +0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>
> Doesnt that mean my openssl/modssl is external library which can be
> upgraded without redoing apache/php4.3.3 and whatnot all over?
>
Yes. Just compile mod_ssl outside of apache.
But you really should not worry about some public exploits - a cracker
needs to know the addrees of free() function in your binary. If they
have your httpd, they can exploit it.
Dmitry