Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability

• To: www-security@ns2.rutgers.edu
• Subject: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
• Date: Wed, 15 Feb 1995 11:53:02 +0900
• cc: hallam@dxal18.cern.ch
• In-reply-to: Your message of "Wed, 15 Feb 1995 18:07:29 +0200." <9502150907.AA28085@jaguar.cs.shizuoka.ac.jp>
• Reply-To: www-security@ns2.rutgers.edu

>Here, what I want to ask is if there are similar vulnerabilities  present  in
>CERN httpd. If so, how can we fix them?

There is no shared code between the NCSA and CERN httpd. Although I have not yet 
checked the code I beleive that this attack was known when it was written, it is 
after all a variation on the fingerd attack of the internet worm.

The parts of the Daemon I have checked are based on buffer append routines. But
there are quite a few of them so its possible one has been missed. I will see if 
someone can check it out just to be on the safe side.


	Phill Hallam-Baker.

• Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: Bernhard.Schneck@physik.tu-muenchen.de

• CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: purna@cs.shizuoka.ac.jp

• Previous: Re: What's the deal ?
• Next: Re: What's the deal ?
• Index(es):
  • Index
  • Thread