On Tue, May 11, 2004 at 04:57:06PM +0530, Srivatsan wrote:
> Just curious to know what will happen if I applied a Patch released by
> Redhat for Apache ?
> For e.g., the following link contains a patch for CAN-2003-0542,
> CAN-2003-0789
> http://rhn.redhat.com/errata/RHSA-2003-320.html
> The rpm file is: httpd-2.0.40-11.9.i386.rpm.
> Will the Banner from the Server be 2.0.40-11.9 or just 2.0.40 ?
Red Hat typically doesn't include release numbers in Apache's version
string. Thus, the banner is likely to read simply "Apache/2.0.40 (Red
Hat Linux)", barring any modifications to Apache's ServerSignature or
ServerTokens directives by webmasters.
> If it is just 2.0.40, then the plugin will succeed, even after
> applying the patch, resulting in false positive.
True. Take a look at the following message from Renaud about this:
http://msgs.securepoint.com/cgi-bin/get/nessus-0403/149/2.html
> I tried to install this patch on my RedHat Linux 8.0 but installation
> failed because of glibc dependency.
> Had anybody tried ?
What patch? Or do you mean the revised RPM? If the latter, are you sure
you have the one for your version of Red Hat?
Myself, I prefer to compile things from source. It requires a bit more
knowledge, but it avoids problems like these (version strings unchanged,
unmet dependencies).
George
--
[EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
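The false positive discussed in this thread, as an added example that is not part of the original message and is not Nessus plugin code: a banner check sees only "2.0.40", while a local package check compares the release field against the fixed build named in the erratum. The upstream fix version `2.0.48` and the unpatched build `httpd-2.0.40-8` are assumptions constructed for the illustration, and `rpmvercmp` here is a simplified comparison, not RPM's full algorithm.

```python
import re

def rpmvercmp(a, b):
    """Simplified RPM-style compare: digit runs as integers, letter runs as strings."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts above alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'name-version-release' (as printed by `rpm -q`) from the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def package_is_fixed(installed_nvr, fixed_nvr):
    """Local check: installed version-release is at or above the erratum build."""
    _, iv, ir = parse_nvr(installed_nvr)
    _, fv, fr = parse_nvr(fixed_nvr)
    c = rpmvercmp(iv, fv)
    return c > 0 or (c == 0 and rpmvercmp(ir, fr) >= 0)

def banner_flags_vulnerable(banner, upstream_fixed):
    """Remote check: compares only the upstream version shown in the banner."""
    m = re.search(r"Apache/(\d+(?:\.\d+)*)", banner)
    if not m:
        return None  # version hidden (e.g. via ServerTokens): cannot decide
    return rpmvercmp(m.group(1), upstream_fixed) < 0

BANNER = 'Apache/2.0.40 (Red Hat Linux)'   # banner text quoted in the thread
FIXED_NVR = "httpd-2.0.40-11.9"            # fixed build named in the thread
UNPATCHED_NVR = "httpd-2.0.40-8"           # constructed: an earlier release
UPSTREAM_FIXED = "2.0.48"                  # assumption: not stated in the thread

if __name__ == "__main__":
    # Same banner for both builds, so the remote verdict cannot differ.
    print("banner check flags host:", banner_flags_vulnerable(BANNER, UPSTREAM_FIXED))
    for nvr in (UNPATCHED_NVR, FIXED_NVR):
        print(nvr, "fixed per package check:", package_is_fixed(nvr, FIXED_NVR))
```
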
