The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bug in all apache ve

Discussion in 'EasyApache' started by zex, Jun 18, 2002.

  1. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    This is very seriuos problem wich can give to remotly attackers abilty to control server trough this exploit.
    More informatio can be founded on
    http://httpd.apache.org/info/security_bulletin_20020617.txt

    According to this advisory owner of 32 bit UNIX platform should not be
    affected with this problem.
     
  2. bdraco

    bdraco Guest

    [quote:b52e5274c6][i:b52e5274c6]Originally posted by zex[/i:b52e5274c6]

    This is very seriuos problem wich can give to remotly attackers abilty to control server trough this exploit.
    More informatio can be founded on
    http://httpd.apache.org/info/security_bulletin_20020617.txt

    According to this advisory owner of 32 bit UNIX platform should not be
    affected with this problem.


    [/quote:b52e5274c6]


    32 bit macines (intel based machines) are affected to some extent. You can starve the system by using this hole in apache and bring a server to its knees. We are working on a new buildapache.sea, however we are waiting for the modssl people to release a new version that works with the new apache.
     
  3. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    [quote:4a02d1e511][i:4a02d1e511]Originally posted by bdraco[/i:4a02d1e511]


    32 bit macines (intel based machines) are affected to some extent. You can starve the system by using this hole in apache and bring a server to its knees. We are working on a new buildapache.sea, however we are waiting for the modssl people to release a new version that works with the new apache.[/quote:4a02d1e511]

    Wich new apache 1.3.x or 2.x ?
    If it is 1.3.x does that mean that people from apache fundation are made some heavy modifications to the apache wich is not comaptibily with older mod_ssl ?
     
  4. sketchified

    sketchified Active Member

    Joined:
    Sep 23, 2001
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Just thought I'd point out that there is now a version of mod_ssl compatible with apache 1.3.26.

    www.modssl.org
     
  5. zex

    zex Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    That means that we can espect new apachebuild soon ;)
     
Loading...

Share This Page