Date: Mon, 17 Jun 2002 23:39:49 -0600 (MDT)
From: Brett Glass <brett@lariat.org>
To: security@freebsd.org
Subject: CDs with patched Apache?
Message-ID: <200206180539.XAA26264@lariat.org>

As many folks are already aware, the version of Apache that's included in the FreeBSD ports and packages is subject to a buffer overflow which (at best) can cause a DoS and (at worst) can be used as a remote root exploit. The authors of the advisory from apache.org say that they believe 32-bit Unices can only be DoSed (see http://www.cert.org/advisories/CA-2002-17.html). But given the cleverness of skript creators, and the large number of potential target systems (Apache drives more than half the Web servers on the Net), we can't be 100% sure that someone won't find a clever way to smash the stack and root FreeBSD systems running vulnerable versions of Apache.

Since Apache is one of the most commonly installed ports, disc vendors should strongly consider mastering their discs with a patched Apache. What's the status of the CDs and DVDs from various vendors? Will it be possible for them to "stop press" and do this?

--Brett Glass