[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] openssl exploitable still?
- Subject: Re: [cobalt-security] openssl exploitable still?
- From: "lists" <lists@xxxxxxxxxxxxxxxx>
- Date: Tue, 17 Feb 2004 15:54:22 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hmm ok.. Can I do tihs against 1.3.20 (the version of apache I run)??
Dave
----- Original Message -----
From: "Dmitry Alexeyev" <dmi_a@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 17, 2004 3:47 PM
Subject: Re: [cobalt-security] openssl exploitable still?
> AFAIK, your steps should be:
> 1) build new openssl, take some from redhat and rpm --rebuild
> package.src.rpm, then go to /usr/src/redhat/RPMS/i386 and install it
>
> 2) Download new mod_ssl source from http://www.modssl.org/
>
> 3) # cd mod_ssl-2.8.15-1.3.29
> # ./configure --with-apache=../apache_1.3.29 --with-ssl=/usr
> --enable-shared=ssl \
> --with-mm=/usr/local
>
> ...something like this.
>
> Dmitry
>
> > Well someone knows then, I am getting pages defaced (hidden IFRAMES
> > for popups) and around the same time i get SSL handshake errors..
> >
> > How can I compile mod_ssl outside of apache?
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>