Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
>Here, what I want to ask is if there are similar vulnerabilities present in
>CERN httpd. If so, how can we fix them?
There is no shared code between the NCSA and CERN httpd. Although I have not yet
checked the code, I believe that this attack was known when it was written, it is
after all a variation on the fingerd attack of the internet worm.
The parts of the Daemon I have checked are based on buffer append routines. But
there are quite a few of them so it's possible one has been missed. I will see if
someone can check it out just to be on the safe side.
Phill Hallam-Baker.
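
The kind of routine the reply refers to, as an added example that is not part of the original message and is not CERN httpd code: an append routine that checks the incoming length against a ceiling before it copies, so an over-long request is refused instead of running past the end of a buffer. The `abuf` type, its function names and the 256-byte limit are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; the names are illustrative only. */
typedef struct {
    char  *data;  /* NUL-terminated once allocated */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t cap;   /* bytes allocated */
    size_t max;   /* hard ceiling on len, e.g. longest request line accepted */
} abuf;

void abuf_init(abuf *b, size_t max) {
    b->data = NULL; b->len = 0; b->cap = 0;
    b->max = max < SIZE_MAX ? max : SIZE_MAX - 1;  /* leave room for the NUL */
}

void abuf_free(abuf *b) { free(b->data); abuf_init(b, b->max); }

/* Append n bytes of src. Returns 0 on success, -1 if the result would pass
 * the ceiling or allocation fails; the buffer is unchanged on failure. */
int abuf_append(abuf *b, const char *src, size_t n) {
    if (n > b->max - b->len) return -1;  /* overflow-safe form of len + n > max */
    size_t need = b->len + n + 1;        /* +1 for the terminator */
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < need) ncap = ncap > SIZE_MAX / 2 ? need : ncap * 2;
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;
        b->data = p; b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

int main(void) {
    abuf req; char line[1024];
    abuf_init(&req, 256);                 /* constructed limit */
    memset(line, 'A', sizeof line);       /* constructed over-long input */
    int ok = abuf_append(&req, "GET /", 5);
    int rejected = abuf_append(&req, line, sizeof line);
    printf("short: %d, over-long: %d, len=%zu\n", ok, rejected, req.len);
    abuf_free(&req);
    return 0;
}
```

A code audit of the sort mentioned in the reply would look for any place that writes into request storage without going through a routine like this one.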