Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Apr 1995 18:20:20 -0400 (EDT)
From:      jfieber@cs.smith.edu (John Fieber)
To:        nc@ain.charm.net (Network Coordinator)
Cc:        freebsd-security@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject:   Re: httpd - security problem? (question, not a statement)
Message-ID:  <199504182220.SAA23561@grendel.csc.smith.edu>
In-Reply-To: <Pine.BSF.3.91.950412191639.621A-100000@ain.charm.net> from "Network Coordinator" at Apr 12, 95 07:18:43 pm

next in thread | previous in thread | raw e-mail | index | archive | help
Network Coordinator writes:
> I remember reading somewhere that there is a bug in a number of port 80 
> daemons that would allow someone to gain root access remotely through it. 
> I know there is a bug when using httpd with Satan v1.0 (well, for as much 
> as a I trust CERT), but when not running Satan, is there any harm in 
> letting cern_httpd v3.0 run in standalone (full-time) mode [as root, no 
> less].

There was a bug in the NCSA http server which has since been
fixed.  I'm not currently aware of any problems with the CERN
server.

-john

=== jfieber@cs.smith.edu ================================================
=================================== Come up and be a kite!  --K. Bush ===



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504182220.SAA23561>