[lug] Apache security flaw
D. Stimits
stimits at idcomm.com
Tue Jun 18 09:54:59 MDT 2002
It beats leaving it entirely up to the vendor, even if the announce is
irritating. As for the web site link, it redirects to an asp page that
stalls out and never gets here (NS and mozilla, no proxy, no caching
that I know of, so on, just a bad asp page as far as I can tell).
D. Stimits, stimits at idcomm.com
Ferdinand Schmid wrote:
>
> HI,
> This came through on eWEEK today:
> Flaw Found in Apache HTTP Server
>
> A buffer overrun vulnerability in the Apache HTTP server
> included with many popular Web servers enables an attacker
> to execute code on vulnerable machines. To read the story,
> click here:
> http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eQhB0DDhnJ0E4J0n470AY
>
> It appears that security companies now alert hackers at the same time as alerting the
> maintainers of the code. I felt that giving 2 weeks notice to the code maintainers (be it
> a private business or a group of open source maintainers) would be the fair thing to do.
>
> Sorry for writing a bit irritated about this.
>
> Ferdinand
> --
> Ferdinand Schmid
> Architectural Energy Corporation
> Celebrating 20 Years of Improving Building Energy Performance
> http://www.archenergy.com
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG
mailing list