Re: NCSA httpd bug before 1.5a?

To: Nickolai Zeldovich <kolya@port19.creol.ucf.edu>
Subject: Re: NCSA httpd bug before 1.5a?
From: Chip Coy <coy@coy.com>
Date: Fri, 3 May 1996 11:09:58 -0500 (CDT)
cc: Rolf Weber <weber@iez.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.960502215741.3430A-100000@zepa.zepanet>

-----BEGIN PGP SIGNED MESSAGE-----

The alert was posted to best-of-security a long while back, and
distributed by CERT. The alert is your best source for the details.

To remove the exposure, remove the "phf" program from your cgi-bin
directory. 

On Thu, 2 May 1996, Nickolai Zeldovich wrote:

> could anyone tell me what exactly is this bug that allows people to 
> execute that was fixed in 1.5a? i'm trying to check my machine for the 
> existance of the bug and also the severity of it - i.e. is it even worth 
> fixing on my machine?
> could anyone tell me how to exploit this bug to see how severe it is and 
> what kind of options does it allow?
> thanks.
> nickolai zeldovich.
> 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.

iQCVAwUBMYoTmBJDjDeJLiB1AQFOkAP+Lgxy6GtqZXCKUXIHniHHZvUF9Dde4M5B
4Jc9kBDxt0rYK86Dw7LOltX0tdhewBAtNgtXm6bV8U+Fnz/mw+vD7ykybcwCeRF3
/BHiBbPu+fc5yqTWPbijZf0keomHS5Vha7s0m1AgUYfKXHVLqXVgmi0z2JDW/Ezo
hdYfbMFPe5I=
=Tu+f
-----END PGP SIGNATURE-----


Chip Coy   coy@coy.com   http://bridge.coy.com/~coy/
"Do not mistake composure for ease." - Tuvok

References:

NCSA httpd bug before 1.5a?

From: Nickolai Zeldovich <kolya@port19.creol.ucf.edu>

Previous: unsubcribe
Next: Re: Java/Netscape security holes: hole du jour and summary
Index(es):
- Index
- Thread