Contributed by jose on from the SPARC64-only dept.
Due to a bug in the parsing of Allow/Deny rules for httpd(8)'s access module, using IP addresses without a netmask on big endian 64-bit platforms causes the rules to fail to match. This only affects sparc64.This is also known by the CVE candidate name CAN-2003-0993 .
Patches areavailable:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/014_httpd2.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch
(Comments are closed)
By dlg () dlg@dorkzilla.org on http://www.dorkzilla.org/~dlg
Comments
By Anonymous Coward () on
Comments
By bdge () on
I can't understand why.
There are other specific sections...
Comments
By jose () on http://monkey.org/~jose/
Comments
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
Comments
By bdge () on
By Anonymous Coward () on
we need to upgrade ASAP?
Comments
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
Comments
By Anonymous Coward () on
Comments
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org