Date: Thu, 26 Sep 2002 13:48:06 -0600 (MDT) From: Ralph Forsythe <rf-list@centerone.com> To: Drew Tomlinson <drew@mykitchentable.net> Cc: Andre Hall <ahall@pcgameauthority.com>, <freebsd-isp@FreeBSD.ORG> Subject: Re: Frontpage Extensions Vulnerability Message-ID: <Pine.LNX.4.44.0209261341330.24795-100000@blue.centerone.com> In-Reply-To: <017001c26584$83644430$6e2a6ba5@TAGALONG>
next in thread | previous in thread | raw e-mail | index | archive | help
That's the impression I got as well. MS suggested running the IIS security tool (I've never used it so I have no idea how that goes - I "just say no" to IIS) but made zero mention of extensions ported to Apache or anything else it might run on. I have noticed a lot of scans lately in my httpd logs (apache also segfaulted at least once, but that might just be a performance tuning issue on my end) but nothing to suggest that an attack was successful. MS has only released patches for IIS-based extensions. For the time being I'm considering myself safe, but am watching the various security news services closely for any relevant announcements. Has anyone tried this exploit against an apache-FP server just to see what happens? - Ralph On Thu, 26 Sep 2002, Drew Tomlinson wrote: > ----- Original Message ----- > From: "Andre Hall" <ahall@pcgameauthority.com> > To: <freebsd-isp@freebsd.org> > Sent: Thursday, September 26, 2002 8:37 AM > > > > Interesting alert released by Microsoft about Frontpage extensions. > If > > you are running them you may be at risk. But that's a given. > > http://news.com.com/2100-1001-959577.html?tag=fd_top > > I read this post. It seems to me that the problem is only on IIS > running FP Extensions? Can anyone confirm or deny this? In other > words, are those of us running FP Extension on our Apache servers at > some known risk? > > Thanks, > > Drew > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0209261341330.24795-100000>