Bug#2812: Apache server: SECURITY HOLE

To: debian-bugs@pixar.com, marks@thawte.com
Subject: Bug#2812: Apache server: SECURITY HOLE
From: miquels@Q.cistron.nl
Date: Thu, 25 Apr 1996 15:21:39 +0200 (MET DST)
Message-id: <[🔎] 199604251321.PAA10358@Q.cistron.nl>
Reply-to: miquels@Q.cistron.nl, debian-bugs@pixar.com

Package: apache
Version: 1.0.3-1

This package includes the "phf" CGI script which means that on every
system with this software anybody from outside can get a shell in about
3 seconds..

Advice: remove the "phf" binary from the package.

Mike.
--
  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)

Reply to:

Prev by Date: Bug#2811: base: faulty /etc/passwd entry for "nobody"
Next by Date: Bug#2814: Apache 1.0.3: wrong manpage
Previous by thread: Bug#2811: base: faulty /etc/passwd entry for "nobody"
Next by thread: Bug#2814: Apache 1.0.3: wrong manpage
Index(es):
- Date
- Thread