Date: Tue, 18 Apr 1995 18:20:20 -0400 (EDT) From: jfieber@cs.smith.edu (John Fieber) To: nc@ain.charm.net (Network Coordinator) Cc: freebsd-security@FreeBSD.org, freebsd-questions@FreeBSD.org Subject: Re: httpd - security problem? (question, not a statement) Message-ID: <199504182220.SAA23561@grendel.csc.smith.edu> In-Reply-To: <Pine.BSF.3.91.950412191639.621A-100000@ain.charm.net> from "Network Coordinator" at Apr 12, 95 07:18:43 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Network Coordinator writes: > I remember reading somewhere that there is a bug in a number of port 80 > daemons that would allow someone to gain root access remotely through it. > I know there is a bug when using httpd with Satan v1.0 (well, for as much > as a I trust CERT), but when not running Satan, is there any harm in > letting cern_httpd v3.0 run in standalone (full-time) mode [as root, no > less]. There was a bug in the NCSA http server which has since been fixed. I'm not currently aware of any problems with the CERN server. -john === jfieber@cs.smith.edu ================================================ =================================== Come up and be a kite! --K. Bush ===
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504182220.SAA23561>