From owner-freebsd-isp Thu Sep 26 12:34:48 2002
Date: Thu, 26 Sep 2002 13:48:06 -0600 (MDT)
From: Ralph Forsythe
To: Drew Tomlinson
Cc: Andre Hall
Subject: Re: Frontpage Extensions Vulnerability
In-Reply-To: <017001c26584$83644430$6e2a6ba5@TAGALONG>

That's the impression I got as well. MS suggested running the IIS security tool (I've never used it so I have no idea how that goes - I "just say no" to IIS) but made zero mention of extensions ported to Apache or anything else it might run on.

I have noticed a lot of scans lately in my httpd logs (apache also segfaulted at least once, but that might just be a performance tuning issue on my end) but nothing to suggest that an attack was successful.

MS has only released patches for IIS-based extensions. For the time being I'm considering myself safe, but am watching the various security news services closely for any relevant announcements. Has anyone tried this exploit against an apache-FP server just to see what happens?

- Ralph

On Thu, 26 Sep 2002, Drew Tomlinson wrote:

> ----- Original Message -----
> From: "Andre Hall"
> To:
> Sent: Thursday, September 26, 2002 8:37 AM
>
> > Interesting alert released by Microsoft about Frontpage extensions. If
> > you are running them you may be at risk. But that's a given.
> > http://news.com.com/2100-1001-959577.html?tag=fd_top
>
> I read this post. It seems to me that the problem is only on IIS
> running FP Extensions? Can anyone confirm or deny this? In other
> words, are those of us running FP Extension on our Apache servers at
> some known risk?
>
> Thanks,
>
> Drew
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message