Author Topic:   Apache server Vulnerability
The Weatherman
posted June 26, 2002 04:35 PM         
Just a heads up for all the web servers out there: There is a new secrity flaw in the Apache web server. Here is the info from SANS.com


--20 June 2002 Apache Exploit Posted
Gobbles Security posted an exploit for an Apache server software
vulnerability on several mailing lists and on-line libraries.
The program exploits a security hole in OpenBSD systems running
Apache 1.3.x. In an e-mail interview, Gobbles said they released
the code because they were fed up with hearing about how it was
an unexploitable hole. A comment line in the code suggests it may
have been used in the surreptitious backdoor installations in tools
available on Monkey.org. http://online.securityfocus.com/news/493

--18 June 2002 Apache Users Urged to Upgrade
Everyone running Apache servers should upgrade their software,
according to the software's developers. A potentially serious buffer
overflow vulnerability could allow hackers to take control of unpatched
computers or launch a denial of service attack. CERT/CC has issued
an advisory. No attacks exploiting the problem have been reported. http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,72089,00.html http://www.cert.org/advisories/CA-2002-17.html

Get 'em patched!
A message form your friendly neighborhood Weatherman

(and no, Par, I ain't backslidin' ! Just want the comm to be covered


posted June 26, 2002 06:47 PM            
Comest hither WM, and place yourself on yonder end of this herre missile!

If I were you and you were me and I fragged you whose score would go up?


posted June 26, 2002 09:58 PM            
*gasp* - 3 posts from WM in one month?

<falls over dead, no more DDM servers>