--- Roger Peña orkcu@yahoo.com wrote:
As this bugtrack say "binaries from redhat" are not vulnerables but what happen to recompilations?
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219
I understand that it is the compilation process what make this bug not exploitable and not the source code so, the question is: is the httpd binary from centos exploitable?
I could not find any refence in the web about this topic. maybe I should ask in the centos-user mailling list but because it is a compilation thing ..... I guess centos developer are the right to anwser
sorry, I forgot to mention that I do test the following "proof of concept" test:
http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
and httpd-2.0.52-28.ent.centos4 give the "302 Found" page so at least with that test I could not probe if it is vulnerable or not
again, thanks in advance for any anwser roger
__________________________________________ RedHat Certified Engineer ( RHCE ) Cisco Certified Network Associate ( CCNA )
____________________________________________________________________________________ We won't tell. Get more on shows you hate to love (and love to hate): Yahoo! TV's Guilty Pleasures list. http://tv.yahoo.com/collections/265