Apache - SSL_MOD buffer overflow problem

[netearth]

Hi,

Can you tell me if DirectAdmin is vunreable to the SSL_MOD buffer overflow problem that is associated with the current BOFRA worm that is going on.

Regards,
Chris Pelling

More information on the Bofra exploit :
http://www.theregister.co.uk/2004/11/22/apache_hijack_serves_iframe_exploit/

 

[fusionictnl]

DirectAdmin isn't running on HTTPD (Apache).

It's a seperate deamon!

 

[netearth]

Ok Ill ask this a different way then!

Directadmin supplies its own customised version of Apache and mod_ssl The mod_ssl source is contained in:
/usr/local/directadmin/customapache/mod_ssl-2.8.19-1.3.31.tar.gz
and the Apache source in:
/usr/local/directadmin/customapache/apache_1.3.31.tar.gz

Is this combination vulnerable to the mod_ssl buffer overflow?