As many of you may know, a bug has been discovered in the Apache web server which can lead to local account compromise. Earlier reports that only Win32 and 64-bit Unix platforms are vulnerable are incorrect; all platforms are considered vulnerable. More information here:
http://httpd.apache.org/info/security_bulletin_20020620.txt To protect yourself from attack, make sure any system you have running Apache is not vulnerable. Minimum safe releases are: - Apache 1.3.26 or later - Apache 2.0.39 or later The amount of damage on Unix platforms is, in theory, limited by the fact that Apache normally runs as a regular user (not the root superuser). However, even a user account compromise can be fairly damaging. InfoWorld reports that a canned exploit tool designed to automate the exploitation of this bug has been found in the wild. A worm which enables completely automatic propagation is likely not far behind. http://makeashorterlink.com/?Z49B21B11 (InfoWorld) -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
