On Wed, Oct 19, 2005 at 11:09:58AM +0200, Moritz Muehlenhoff wrote:
> Hi,
> as the attack is based on overflowing buf1[] through crafted len values
> taken from the packet header in BoGetDirection() and this function isn't
> present in 2.3 Debian doesn't seem to be vulnerable.

Yes, based on the source code changes and the fact that the Bo preprocessor was heavily modified for 2.4 (which is what ISS reviewed), it seems like that is true. I want to test the available exploits before closing #334606 though.

Javier