Call me "chicken little", but I am getting worried about the looming
Apache/PHP vulnerability out there:
http://news.com.com/2100-1001-850752.html?tag=cd_mh
http://security.e-matters.de/advisories/012002.html
http://www.cert.org/advisories/CA-2002-05.html
If you have a webserver on the internet with PHP I encourage you to
patch it NOW.
If the estimate of 1 million vulnerable php servers is correct, then
as soon as someone creates a worm program that can get a shell on a
vulnerable machine then all 1 million servers will be infected in
about 2 hours (assuming one machine can try to infect 10 random IP's/sec).
That would be worse than code red and a huge blow to Apache & OSS. :-(
I hope I turn out to be chicken little...
Karl
*****************************************************************
To unsubscribe from this list, send mail to [EMAIL PROTECTED]
with the text 'unsubscribe gnhlug' in the message body.
*****************************************************************
