[1983] in WWW Security List Archive
Re: NCSA httpd bug before 1.5a?
daemon@ATHENA.MIT.EDU (Chip Coy)
Sat May 4 12:38:17 1996
Date: Fri, 3 May 1996 11:09:58 -0500 (CDT)
From: Chip Coy <coy@coy.com>
To: Nickolai Zeldovich <kolya@port19.creol.ucf.edu>
cc: Rolf Weber <weber@iez.com>, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.960502215741.3430A-100000@zepa.zepanet>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
The alert was posted to best-of-security a long while back, and
distributed by CERT. The alert is your best source for the details.
To remove the exposure, remove the "phf" program from your cgi-bin
directory.
On Thu, 2 May 1996, Nickolai Zeldovich wrote:
> could anyone tell me what exactly is this bug that allows people to
> execute that was fixed in 1.5a? i'm trying to check my machine for the
> existance of the bug and also the severity of it - i.e. is it even worth
> fixing on my machine?
> could anyone tell me how to exploit this bug to see how severe it is and
> what kind of options does it allow?
> thanks.
> nickolai zeldovich.
>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.
iQCVAwUBMYoTmBJDjDeJLiB1AQFOkAP+Lgxy6GtqZXCKUXIHniHHZvUF9Dde4M5B
4Jc9kBDxt0rYK86Dw7LOltX0tdhewBAtNgtXm6bV8U+Fnz/mw+vD7ykybcwCeRF3
/BHiBbPu+fc5yqTWPbijZf0keomHS5Vha7s0m1AgUYfKXHVLqXVgmi0z2JDW/Ezo
hdYfbMFPe5I=
=Tu+f
-----END PGP SIGNATURE-----
Chip Coy coy@coy.com http://bridge.coy.com/~coy/
"Do not mistake composure for ease." - Tuvok
