Date: Fri, 21 Jun 2002 20:25:32 +0200 From: Bernhard Schmidt <berni@birkenwald.de> To: Maxim Kozin <madmax@express.ru> Cc: freebsd-security@freebsd.org Subject: Re: Apache expoit? Message-ID: <20020621182532.GA50708@thor.birkenwald.de> In-Reply-To: <Pine.BSF.4.05.10206201332120.3035-100000@ds.express.ru> References: <2147483647.1024500409@[192.168.4.154]> <Pine.BSF.4.05.10206201332120.3035-100000@ds.express.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 20, 2002 at 02:44:35PM +0400, Maxim Kozin wrote:
> "Exploit" from this letter tested on FreeBSD 4.6-RELEASE with different
> version apache:
> 1) 2.0.36
> 2) 2.0.39
> 3) 1.3.26
> In case of 1) and (!) 2) httpd child died with "child out of swap
> space".
> So, in 2.0.39 still exists DoS.
JFTR, same here on FreeBSD 4.5-RELEASE and 4.6-RELEASE with Apache 2.0.39
straight from /usr/ports/www/apache2.
Anyone heard something from the apache.org people about this?
--
bye bye
Bernhard
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020621182532.GA50708>