On Thu, 11 Jul 2002 20:01:28 -0500 "Bill Williamson" <[EMAIL PROTECTED]> wrote:
# #YOU ARE COMPROMISED # #from http://uptime.netcraft.com/up/graph/ scan of your server # --------- #The site www.j2solutions.net is running Apache/1.3.22 (Unix) (Red-Hat/Linux) # --------- # #from http://httpd.apache.org and #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392 : # ---------------- #Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote #attackers to cause a denial of service and possibly execute arbitrary code #via a chunk-encoded HTTP request that causes Apache to use an incorrect #size. # ---------------- Incorrect. Red Hat long ago issued updated apache packages, for 7.2 it was apache-1.3.22-6, which include the security update for the chunk code vuln. This is not a case of that. -- Jesse Keating j2solutions.net Mondo DevTeam (www.mondorescue.org) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek PC Mods, Computing goodies, cases & more http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
