On Thu, Jun 20, 2002 at 12:04:40PM -0500, Derrick 'dman' Hudson wrote:
> On Thu, Jun 20, 2002 at 01:29:04PM +1000, John wrote:
> | There's now an exploit in the wild for Apache (the chunked whatever
> | bug). The DSA mentions an update which is version 1.3.9-14.1
> |
> | We need a version > 1.2.12, and are running 1.3.23 from woody. Is there
> | any idea where a patched 1.3.23 for woody might be? Or should I install
> | from source from apache.org?
>
> Woody currently has 1.3.24-3 (as does sid). (at least, according to
> the mirror I use)
>
> Nonetheless, the DSA says it affects 64-bit architectures. It sounds
> like if you're not using a 64-bit system (eg SPARC or ia64) then you
> aren't vulnerable.
>
> <quote>
> ... might allow arbitrary code execution on 64 bit architectures.
> </quote>
The exploit proved this false. The exploit was for openbsd on i386. It would probably be trivial to port it to linux. It's just a matter of time... Time probably measured in hours.