[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSL update.. still giving me a Vulnerable status

"Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au> writes:

>> No, it checks a large and a small overflow. Jeroen, have you restarted
>> the httpd? If not, it is still running with the old library.

> I shut the whole apache down (both http and http-ssl).

Oh, in this case, I am really interested in the data Lupe suggested to
collect.  There might be a false positive here.  However, a clean
woody installation results in the expected answer (even if Apache-SSL
is used), so this is really worth close inspection.

So far I've seen two other reports of such an inconsistency.  The
first one could be tracked down to a self-compiled Apache running on
the machine, the second one is still open.

Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to: