As this bugtrack says, "binaries from redhat" are not vulnerable, but what happens to recompilations? https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219
I understand that it is the compilation process that makes this bug not exploitable and not the source code, so the question is: is the httpd binary from centos exploitable?
I could not find any reference on the web about this topic. Maybe I should ask on the centos-user mailing list, but because it is a compilation thing ..... I guess the centos developers are the right ones to answer
thanks in advance, cu roger
__________________________________________ RedHat Certified Engineer ( RHCE ) Cisco Certified Network Associate ( CCNA )
--- Roger Peña orkcu@yahoo.com wrote:
> As this bugtrack says, "binaries from redhat" are not vulnerable, but what happens to recompilations?
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219
> I understand that it is the compilation process that makes this bug not exploitable and not the source code, so the question is: is the httpd binary from centos exploitable?
> I could not find any reference on the web about this topic. Maybe I should ask on the centos-user mailing list, but because it is a compilation thing ..... I guess the centos developers are the right ones to answer

sorry, I forgot to mention that I did run the following "proof of concept" test:
http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
and httpd-2.0.52-28.ent.centos4 gives the "302 Found" page, so at least with that test I could not prove whether it is vulnerable or not
again, thanks in advance for any answer, roger
__________________________________________ RedHat Certified Engineer ( RHCE ) Cisco Certified Network Associate ( CCNA )
On Fri, 2007-03-02 at 09:39 -0800, Roger Peña wrote:
> --- Roger Peña orkcu@yahoo.com wrote:
>> As this bugtrack says, "binaries from redhat" are not vulnerable, but what happens to recompilations?
>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219
>> I understand that it is the compilation process that makes this bug not exploitable and not the source code, so the question is: is the httpd binary from centos exploitable?
>> I could not find any reference on the web about this topic. Maybe I should ask on the centos-user mailing list, but because it is a compilation thing ..... I guess the centos developers are the right ones to answer
> sorry, I forgot to mention that I did run the following "proof of concept" test:
> http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
> and httpd-2.0.52-28.ent.centos4 gives the "302 Found" page, so at least with that test I could not prove whether it is vulnerable or not

If it did do a "302 Found" ... then it is not vulnerable:
from the article:
"If your web server doesn't reply you with a '302 Found' page or a Segmentation Fault appears in your error_log, an apache child has crashed and your web server is vulnerable and exploitable."
So a 302 found is good.
Thanks, Johnny Hughes
--- Johnny Hughes mailing-lists@hughesjr.com wrote:
> On Fri, 2007-03-02 at 09:39 -0800, Roger Peña wrote:
>> --- Roger Peña orkcu@yahoo.com wrote:
>>> As this bugtrack says, "binaries from redhat" are not vulnerable, but what happens to recompilations?
>>> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219
>>> I understand that it is the compilation process that makes this bug not exploitable and not the source code, so the question is: is the httpd binary from centos exploitable?
>>> I could not find any reference on the web about this topic. Maybe I should ask on the centos-user mailing list, but because it is a compilation thing ..... I guess the centos developers are the right ones to answer
>> sorry, I forgot to mention that I did run the following "proof of concept" test:
>> http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded
>> and httpd-2.0.52-28.ent.centos4 gives the "302 Found" page, so at least with that test I could not prove whether it is vulnerable or not
> If it did do a "302 Found" ... then it is not vulnerable:
> from the article:
> "If your web server doesn't reply you with a '302 Found' page or a Segmentation Fault appears in your error_log, an apache child has crashed and your web server is vulnerable and exploitable."
> So a 302 found is good.

yes, I know it is good
but I can't see why this is a sufficient condition to say "not vulnerable". Of course, what I can see is that if I got another page or caused a fault, then I can say "it is vulnerable"
do you see my point? ;-) I think it is not a two-way relation: if A implies B, that does not mean B implies A
but I am not saying that the centos binaries are vulnerable!!! just that I can't find an explanation to say "not vulnerable" because upstream is not.
also, I have not had the time yet to verify what the following fix to mod_rewrite is:
* Tue Jun 20 2006 Joe Orton jorton@redhat.com 2.0.52-26.ent
- add mod_rewrite ldap scheme handling fix
does anybody know if this is the source code fix for this vulnerability (backported)? the date of this fix is before the date of the redhat bugtrack and before the CVS assignation (20060720), so it looks unrelated, but I could be wrong...
thanks, roger
PS: I guess this is the first time I can see the difference that some people try to stress when they say: "they are not RHEL clones, they are recompilations"
__________________________________________ RedHat Certified Engineer ( RHCE ) Cisco Certified Network Associate ( CCNA )
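
The article quoted in this thread names two observations: the HTTP status of the reply and a Segmentation Fault in error_log. The following is an added example, not part of any message in the thread, that checks the second one by scanning error_log for child crashes close to the time of the test; the Apache 2.0 default error_log format is assumed, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Apache 2.0 default error_log format (assumed), e.g.
# [Fri Mar 02 09:40:03 2007] [notice] child pid 4312 exit signal Segmentation fault (11)
CRASH_RE = re.compile(
    r"^\[(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\] \[notice\] "
    r"child pid (?P<pid>\d+) exit signal (?P<sig>.+?) \(\d+\)"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = [
    "[Fri Mar 02 09:35:10 2007] [notice] Apache/2.0.52 (CentOS) configured -- resuming normal operations",
    "[Fri Mar 02 09:40:03 2007] [notice] child pid 4312 exit signal Segmentation fault (11)",
    "[Fri Mar 02 09:40:04 2007] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico",
    "[Fri Mar 02 11:02:47 2007] [notice] child pid 4377 exit signal Segmentation fault (11)",
]


def child_crashes(lines, test_time, window_s=30):
    """Return (timestamp, pid, signal) for child exits on a signal near test_time."""
    hits = []
    for line in lines:
        m = CRASH_RE.match(line)
        if not m:
            continue  # not a child-exit line, or not in the assumed format
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        if abs(ts - test_time) <= timedelta(seconds=window_s):
            hits.append((ts, int(m.group("pid")), m.group("sig")))
    return hits


def classify(status, crashes):
    """Report which of the article's two observations were made; no verdict is drawn."""
    if crashes:
        return "crash-observed"
    if status != 302:
        return "no-302"
    return "302-no-crash"


if __name__ == "__main__":
    test_time = datetime(2007, 3, 2, 9, 40, 0)  # when the test request was sent
    hits = child_crashes(SAMPLE_LOG, test_time)
    print(classify(302, hits), hits)
```

The time window keeps unrelated crashes, such as the 11:02 line in the sample, from being attributed to the test request.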