[CentOS-devel] may Centos be vulnerable to this bug?
mailing-lists at hughesjr.com
Fri Mar 2 19:42:20 UTC 2007
On Fri, 2007-03-02 at 09:39 -0800, Roger Peña wrote:
> --- Roger Peña <orkcu at yahoo.com> wrote:
> > As this bugtrack says, "binaries from redhat" are not
> > vulnerable, but what happens to recompilations?
> > I understand that it is the compilation process that
> > makes this bug not exploitable and not the source
> > code
> > so, the question is:
> > is the httpd binary from centos exploitable?
> > I could not find any reference on the web about this
> > topic.
> > maybe I should ask in the centos-user mailing list
> > but because it is a compilation thing ..... I guess
> > centos developers are the right ones to answer
> sorry, I forgot to mention that I did test the
> following "proof of concept" test:
> and httpd-2.0.52-28.ent.centos4 gives the "302 Found"
> page so at least with that test I could not prove if
> it is vulnerable or not
If it did do a "302 Found" ... then it is not vulnerable:
from the article:
"If your web server doesn't reply you with a '302 Found' page or a
Segmentation Fault appears in your error_log, an apache child has
crashed and your web server is vulnerable and exploitable."
So a 302 found is good.
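Added example, not part of the original message or the quoted article: the criterion quoted above, applied to a response status and Apache error_log lines. The log lines, the 30-second window and the function names are constructed for illustration; the "child pid ... exit signal" pattern is the notice Apache 2.0 writes when a child dies on a signal.

```python
import re
from datetime import datetime, timedelta

# Apache 2.0 error_log notice for a child killed by a signal.
CRASH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
    r"exit signal (?P<signal>.+?) \((?P<num>\d+)\)"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Mar 02 19:40:03 2007"

# Constructed sample log lines (not taken from a real server).
SAMPLE_CLEAN = [
    "[Fri Mar 02 19:40:01 2007] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/favicon.ico",
]
SAMPLE_CRASH = SAMPLE_CLEAN + [
    "[Fri Mar 02 19:40:03 2007] [notice] child pid 4312 "
    "exit signal Segmentation fault (11)",
]


def child_crashes(log_lines, start, window=timedelta(seconds=30)):
    """Return (timestamp, pid, signal) for children that died within
    `window` after `start` (the time the test request was sent)."""
    hits = []
    for line in log_lines:
        m = CRASH_RE.match(line)
        if not m:
            continue  # ordinary error/notice line, not a child crash
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        if start <= ts <= start + window:
            hits.append((ts, int(m.group("pid")), m.group("signal")))
    return hits


def verdict(status_code, log_lines, start):
    """Apply the quoted criterion. status_code is None when no reply came back."""
    segv = [h for h in child_crashes(log_lines, start)
            if h[2] == "Segmentation fault"]
    if segv or status_code != 302:
        return "child crashed or no 302: treat as vulnerable"
    return "302 Found and no crash: not vulnerable by this test"
```

A 302 alone is only half of the quoted condition; the error_log check covers the case where the child crashes after the response has been sent.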