Date:      Tue, 18 Jun 2002 10:34:51 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To:        ANdrei <andrei@abc.ro>
Cc:        security@FreeBSD.ORG
Subject:   Re: Apache issues
Message-ID:  <20020618153451.GE8793@madman.nectar.cc>
In-Reply-To: <3D0F4DFF.4ABEE1FB@abc.ro>
References:  <3D0F4DFF.4ABEE1FB@abc.ro>

On Tue, Jun 18, 2002 at 06:13:03PM +0300, ANdrei wrote:
> have a few questions:
> 
> 1) anyone heard anything about a worm/exploit for FreeBSD primarily, and
> other systems, taking advantage of the new Apache bug?

No.  Most are of the opinion that the bug is not exploitable (i.e.
cannot be used to execute code on the target) on platforms other than
Windows --- but of course it is hard to be certain of these things.

> 2) is FreeBSD considered to be a possible target? as far as i
> understood, it shouldn't be vulnerable... and if, does the bug exist in
> Apache2 too?

FreeBSD is a possible target to denial-of-service attacks.  It does
exist in apache 2 also (it was discovered there first).

> 3) anyone knows if the ports have the new fixed version? as far as i
> understood, apache didn't release a fix till now... maybe we should have
> at least the port "closed" till the fix is out... keep in mind that lots
> of people do NOT read security lists (i know plenty of them), but they
> upgrade packages on a regular basis... they could install the "new"
> apache today, and then not worry like 2 months, though they did the
> update just one day before the patch was released...
> Of course, if the port was already frozen, i apologise for this last
> comment... haven't checked it :)

The new apache is not available yet.  The port is already marked
FORBIDDEN.  The port maintainers have been notified to look out for
the new release.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
