Re: SSL update.. still giving me a Vulnerable status

To: "Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au>
Cc: <debian-security@lists.debian.org>
Subject: Re: SSL update.. still giving me a Vulnerable status
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Thu, 19 Sep 2002 17:09:53 +0200
Message-id: <[🔎] 871y7q583i.fsf@Login.CERT.Uni-Stuttgart.DE>
Mail-followup-to: "Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au>, <debian-security@lists.debian.org>
In-reply-to: <[🔎] 014501c25edc$51f71ac0$060aa8c0@in.netventures.com.au> ("Jeroen de Leeuw den Bouter"'s message of "Wed, 18 Sep 2002 16:26:27 +1000")
References: <[🔎] ACB9EEE02202C449B0158F02DDD8AD0C0305F1@exquila.lirex.com> <[🔎] 004701c25eae$12e0fb90$060aa8c0@in.netventures.com.au> <[🔎] 20020918011014.GH10678@morgul.net> <[🔎] 20020918061557.GC1238@lupe-christoph.de> <[🔎] 014501c25edc$51f71ac0$060aa8c0@in.netventures.com.au>

"Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au> writes:

>> No, it checks a large and a small overflow. Jeroen, have you restarted
>> the httpd? If not, it is still running with the old library.

> I shut the whole apache down (both http and http-ssl).

Oh, in this case, I am really interested in the data Lupe suggested to
collect.  There might be a false positive here.  However, a clean
woody installation results in the expected answer (even if Apache-SSL
is used), so this is really worth close inspection.

So far I've seen two other reports of such an inconsistency.  The
first one could be tracked down to a self-compiled Apache running on
the machine, the second one is still open.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

Follow-Ups:
- Re: SSL update.. still giving me a Vulnerable status
  - From: "Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au>

References:
- RE: question from a newbie regarding possible trojan
  - From: "Boyan Krosnov" <bkrosnov@lirex.bg>
- SSL update.. still giving me a Vulnerable status
  - From: "Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au>
- Re: SSL update.. still giving me a Vulnerable status
  - From: "Noah L. Meyerhans" <frodo@morgul.net>
- Re: SSL update.. still giving me a Vulnerable status
  - From: lupe@lupe-christoph.de (Lupe Christoph)
- Re: SSL update.. still giving me a Vulnerable status
  - From: "Jeroen de Leeuw den Bouter" <jeroen@netventures.com.au>

Prev by Date: Re: slapper countermeasures
Next by Date: Re: configuration problem with interaction of krb5 and kde screensaver
Previous by thread: RE: SSL update.. still giving me a Vulnerable status
Next by thread: Re: SSL update.. still giving me a Vulnerable status
Index(es):
- Date
- Thread