[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache Exploit Released - where is an update for Woody?

On 2002.06.20 22:02 Derrick 'dman' Hudson wrote:
On Thu, Jun 20, 2002 at 01:58:23PM -0500, Gary Turner wrote:
| On Thu, 20 Jun 2002 12:04:40 -0500, Derrick 'dman' Hudson wrote:
| >On Thu, Jun 20, 2002 at 01:29:04PM +1000, John wrote:
| <snip>
| >Nonetheless, the DSA says it affects 64-bit architectures.  It
| >like if you're not using a 64-bit system (eg SPARC or ia64) then
| >aren't vulnerable.
| From Linux Weekly News http://lwn.net 6/20/02
| "Note also that an exploit for 32-bit systems has been posted. It
| originally stated that 32-bit systems were not vulnerable to
| remote exploits, but that claim has been demonstrated to be false.
| the nature of this vulnerability, anybody running an Apache
| server should upgrade sooner rather than later."

Thanks all for the correct details.  Isn't it great when the fix is
released *before* the worm?

Actually, it wasn't. This exploit has been reported in the while for at least a week. In fact, from what I understand, there were some hard feelings between the Apache Foundation and ISS explicitly because they (the Apache Foundation) weren't notified in time to release a patch before ISS reported the exploit.


To UNSUBSCRIBE, email to debian-user-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: