From owner-freebsd-security Fri Nov 27 07:39:41 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA01199 for freebsd-security-outgoing; Fri, 27 Nov 1998 07:39:41 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA01194 for ; Fri, 27 Nov 1998 07:39:39 -0800 (PST) (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE)
Received: (from kuku@localhost) by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id QAA29344; Fri, 27 Nov 1998 16:39:28 +0100 (MET) (envelope-from kuku)
Message-ID: <19981127163928.B29306@gil.physik.rwth-aachen.de>
Date: Fri, 27 Nov 1998 16:39:28 +0100
From: Christoph Kukulies
To: Eivind Eklund , Christoph Kukulies
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: cgi-bin/phf* security hole in apache
References: <19981126190545.A26062@gil.physik.rwth-aachen.de> <22257.912152434@axl.training.iafrica.com> <19981127105744.A28408@gil.physik.rwth-aachen.de> <19981127161408.E9226@follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91
In-Reply-To: <19981127161408.E9226@follo.net>; from Eivind Eklund on Fri, Nov 27, 1998 at 04:14:08PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Nov 27, 1998 at 04:14:08PM +0100, Eivind Eklund wrote:
> On Fri, Nov 27, 1998 at 10:57:44AM +0100, Christoph Kukulies wrote:
> > Is there any danger and to what extent arising from previous or current
> > apache httpd installations from the FreeBSD ports tree, especially WRT
> > that phf security hole?
> >
> > Shouldn't the port also install the phf 'candid camera' catcher
> > automatically?
>
> Maybe. Do you have any reference to this catcher and what it does?

ports/www/apache12/work/apache_1.2.6/support/phf_abuse_log.cgi

AFAIU if one puts this script into the server cgi-bin directory
(currently there isn't any phf file in it either) this script
becomes virulent (in the sense that it catches the wannabe intruder).

>
> Eivind.

--
--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
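
A log-side counterpart to the catcher discussed above, as an added example that is not part of the original message and is not the code of Apache's phf_abuse_log.cgi: it scans Common Log Format access-log lines for requests to cgi-bin/phf* and groups them by client. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)
# "cgi-bin/phf*" as in the thread subject, matched on the decoded path.
PHF_PATH = re.compile(r'/cgi-bin/phf[^/]*$', re.IGNORECASE)


def is_phf_probe(target):
    """True if the request path names cgi-bin/phf* once decoded and normalised."""
    path = unquote(target.split('?', 1)[0])   # drop query, undo %xx encoding
    path = re.sub(r'/+', '/', path)           # //cgi-bin//phf -> /cgi-bin/phf
    return bool(PHF_PATH.search(path))


def find_phf_probes(lines):
    """Return {client host: [(time, status, target), ...]} for phf requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m and is_phf_probe(m.group('target')):   # unparseable lines are skipped
            hits[m.group('host')].append(
                (m.group('time'), int(m.group('status')), m.group('target')))
    return dict(hits)


def answered(hits):
    """Hosts whose phf request got a 2xx, i.e. some file named phf* responded."""
    return sorted(h for h, reqs in hits.items()
                  if any(200 <= status < 300 for _, status, _ in reqs))


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/1998:10:01:02 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [27/Nov/1998:10:03:15 +0100] "GET /cgi-bin/phf?q=test HTTP/1.0" 404 207',
    '192.0.2.77 - - [27/Nov/1998:10:03:16 +0100] "GET /cgi-bin/%50HF HTTP/1.0" 404 207',
    '198.51.100.5 - - [27/Nov/1998:11:40:00 +0100] "GET //cgi-bin//phf.cgi HTTP/1.0" 200 512',
    '198.51.100.5 - - [27/Nov/1998:11:40:09 +0100] "GET /cgi-bin/printenv HTTP/1.0" 200 880',
    '203.0.113.9 - - [27/Nov/1998:12:00:00 +0100] "GET /docs/phf.html HTTP/1.0" 200 300',
    'truncated line without a request',
]

if __name__ == '__main__':
    found = find_phf_probes(SAMPLE_LOG)
    for host, reqs in found.items():
        print(host, reqs)
    print('answered with 2xx:', answered(found))
```

A 2xx in the `answered` list only says that a file named phf* exists in cgi-bin; whether it is the catcher or something else has to be checked on the server.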