[Previous] [Next] [Index]
[Thread]
Re: NCSA httpd bug before 1.5a?
-----BEGIN PGP SIGNED MESSAGE-----
The alert was posted to best-of-security a long while back, and
distributed by CERT. The alert is your best source for the details.
To remove the exposure, remove the "phf" program from your cgi-bin
directory.
On Thu, 2 May 1996, Nickolai Zeldovich wrote:
> could anyone tell me what exactly is this bug that allows people to
> execute that was fixed in 1.5a? i'm trying to check my machine for the
> existance of the bug and also the severity of it - i.e. is it even worth
> fixing on my machine?
> could anyone tell me how to exploit this bug to see how severe it is and
> what kind of options does it allow?
> thanks.
> nickolai zeldovich.
>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.
iQCVAwUBMYoTmBJDjDeJLiB1AQFOkAP+Lgxy6GtqZXCKUXIHniHHZvUF9Dde4M5B
4Jc9kBDxt0rYK86Dw7LOltX0tdhewBAtNgtXm6bV8U+Fnz/mw+vD7ykybcwCeRF3
/BHiBbPu+fc5yqTWPbijZf0keomHS5Vha7s0m1AgUYfKXHVLqXVgmi0z2JDW/Ezo
hdYfbMFPe5I=
=Tu+f
-----END PGP SIGNATURE-----
Chip Coy coy@coy.com http://bridge.coy.com/~coy/
"Do not mistake composure for ease." - Tuvok
References: