Re: SSL update.. still giving me a Vulnerable status
"Jeroen de Leeuw den Bouter" <firstname.lastname@example.org> writes:
>> No, it checks a large and a small overflow. Jeroen, have you restarted
>> the httpd? If not, it is still running with the old library.
> I shut the whole apache down (both http and http-ssl).
Oh, in this case, I am really interested in the data Lupe suggested to
collect. There might be a false positive here. However, a clean
woody installation results in the expected answer (even if Apache-SSL
is used), so this is really worth close inspection.
So far I've seen two other reports of such an inconsistency. The
first one could be tracked down to a self-compiled Apache running on
the machine, the second one is still open.
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898