Re: Apache Exploit Released - where is an update for Woody?
On 2002.06.20 22:02 Derrick 'dman' Hudson wrote:
On Thu, Jun 20, 2002 at 01:58:23PM -0500, Gary Turner wrote:
| On Thu, 20 Jun 2002 12:04:40 -0500, Derrick 'dman' Hudson wrote:
| >On Thu, Jun 20, 2002 at 01:29:04PM +1000, John wrote:
| >Nonetheless, the DSA says it affects 64-bit architectures. It
| >like if you're not using a 64-bit system (eg SPARC or ia64) then
| >aren't vulnerable.
| From Linux Weekly News http://lwn.net 6/20/02
| "Note also that an exploit for 32-bit systems has been posted. It
| originally stated that 32-bit systems were not vulnerable to
| remote exploits, but that claim has been demonstrated to be false.
| the nature of this vulnerability, anybody running an Apache
| server should upgrade sooner rather than later."
Thanks all for the correct details. Isn't it great when the fix is
released *before* the worm?
Actually, it wasn't. This exploit has been reported in the while for
at least a week. In fact, from what I understand, there were some hard
feelings between the Apache Foundation and ISS explicitly because they
(the Apache Foundation) weren't notified in time to release a patch
before ISS reported the exploit.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com