[396] in WWW Security List Archive
NCSA httpd Vulnerability
daemon@ATHENA.MIT.EDU (Michael Covington)
Thu Feb 16 00:18:36 1995
Date: Wed, 15 Feb 95 21:00:19 EST
From: covingto@msmary.edu (Michael Covington)
To: www-security@ns2.rutgers.edu
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Does anybody know if NCSA is still supporting their code for httpd?
If they are, have they set a date for a patch release on this bug?
Thanks,
+--------------------------------------------------------------------+
| Michael J. Covington | Internet: covingto@msmary.edu |
| Systems Administrator | Phone: (301) 447-5061 |
| Mount Saint Mary's College | http://msmary.edu/~covingto |
| Emmitsburg, Maryland 21727-7799 | PGP 2.6.2 Public Key Available |
+--------------------------------------------------------------------+
_____________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
_____________________________________________________
ADVISORY NOTICE
Unix NCSA httpd Vulnerability
February 14, 1995 1030 PST Number F-11
_____________________________________________________________________________
PROBLEM: A vulnerability has been discovered in the NCSA WWW server
software (httpd).
PLATFORMS: Unix systems running NCSA httpd version 1.3.
DAMAGE: Remote users may gain unauthorized access.
SOLUTION: Implement workaround as described below.
_____________________________________________________________________________
VULNERABILITY This vulnerability, along with an automated exploitation
ASSESSMENT: script, has been announced in public forums on the Internet.
CIAC recommends that sites install the workaround on affected
systems as soon as possible.
_____________________________________________________________________________
<...>
