As the person who found and has thoroughly tested this bug, I can confirm firsthand that this isn't just a case of apache being vulnerable with "-F"! I specifically mentioned using the init script in the original report over a month ago, not "-F". That is, the circumstances required to exploit this are not 'rare'. With this in mind, I'm still confused as to why if you can root a machine with a buffer overflow, it's critical, but if you can root a machine using a terminal exploit, it's not. Either way, you end up with an owned machine, the method is unimportant.
Richard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]