[Previous] [Next] [Index]
[Thread]
NCSA httpd Vulnerability
Does anybody know if NCSA is still supporting their code for httpd?
If they are, have they set a date for a patch release on this bug?
Thanks,
+--------------------------------------------------------------------+
| Michael J. Covington | Internet: covingto@msmary.edu |
| Systems Administrator | Phone: (301) 447-5061 |
| Mount Saint Mary's College | http://msmary.edu/~covingto |
| Emmitsburg, Maryland 21727-7799 | PGP 2.6.2 Public Key Available |
+--------------------------------------------------------------------+
_____________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
_____________________________________________________
ADVISORY NOTICE
Unix NCSA httpd Vulnerability
February 14, 1995 1030 PST Number F-11
_____________________________________________________________________________
PROBLEM: A vulnerability has been discovered in the NCSA WWW server
software (httpd).
PLATFORMS: Unix systems running NCSA httpd version 1.3.
DAMAGE: Remote users may gain unauthorized access.
SOLUTION: Implement workaround as described below.
_____________________________________________________________________________
VULNERABILITY This vulnerability, along with an automated exploitation
ASSESSMENT: script, has been announced in public forums on the Internet.
CIAC recommends that sites install the workaround on affected
systems as soon as possible.
_____________________________________________________________________________
<...>