Account Links: Cart | Your Account | Logout

Skip to content

Red Hat Knowledgebase

Red Hat Knowledgebase Search:

Updated Within the Last:

New Solutions within the last day New Solutions within the last week New Solutions within the last month

Browse by topics:


Click to View a Topic
Red Hat Enterprise Linux > Web Server > Issue <<  19 of 73 >>

Solution Tools:


Email a Solution Postcard Printer version Submit a comment on this answer Update notifications Request an answer Back

Article Reference

Article ID: 8653
Last update: 08-02-06
Issue:
Is Red Hat Enterprise Linux vulnerable to the Apache mod_rewrite off-by-one vulnerability (CVE-2006-3747)?
Resolution:

This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1 as it does not contain the vulnerable code.

The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally.

The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as packaged by Red Hat and determined that these versions cannot be exploited. We therefore do not plan on providing updates for this issue.


How well did this entry answer your question?


good wrong incomplete out of date
Red Hat Enterprise Linux > Web Server > Issue <<   19  of  73  >>