Re: Buffer overflow vulnerability in apache2.0.30 mod_ssl

Re: Buffer overflow vulnerability in apache2.0.30 mod_ssl

am 06.07.2002 02:59:02 von Arlen Duncan II

the mod_ssl included in the apache2.0.39 is reporting as version 2.8.7
which is vulnerable to buffer overflow. CVE: CAN-2002-0082

Is the mod_ssl with 2.0.39 vulnerable as reported? or is this a false
positive? If it is vulnerable, how do
I update the mod_ssl as distributed with apache2.0.39 to the june-24th
release of 2.8.10 for apache1.3.26?

Thanks,

Arlen Duncan II
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org