Conclusi�n: use Linux para ejecutar Apache......:-)
----- Mensaje reenviado por "William A. Rowe, Jr." <[EMAIL PROTECTED]> -----
Date: Sat, 12 May 2001 16:21:13 -0500
From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
Reply-To: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
Subject: [Announce] Apache 1.3 Security Fix Available for Win32/OS2 users
To: [EMAIL PROTECTED]
Ports Affected: Windows 95, 98, ME, NT and 2000, OS2/Warp
Versions Affected: 1.3 [all subverisons through .19]
Patch: Available
Replacement Binary: Available for Apache 1.3.19
----
An exploit was recently reported that allows a malicious user to terminate the
Apache server running on Win32 or OS2.
Depending on the specific OS version, the server would stop listening to further
requests, and prompt the operator that the Apache.exe process had performed an
illegal operation, and would remain hung until the administrator cleared the
fault.
In all cases the server would not respond until it completed its restart, which
could take one minute or more depending on the server's configuration. Any
replies in process from the server would be terminated.
No other operating systems are effected by the vulnerability. We are not aware
of any exploits of this vulnerability other than the denial of service.
The fixfault_win32_os2-1.3.19.patch file is available from:
http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/
Since many Win32 and OS2 users rely on soley on binary releases, the replacement
for the core binary module file is available in the win32 and os2 directories:
http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/win32/
http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/os2/
Please read the information on those download pages carefully, and be sure to
back
up your existing ApacheCore.dll file before replacing it with this binary.
Note that users of non-standard distributions, such as the Apache-EAPI
extensions
or ApacheSSL-enabled servers _cannot_ use this patched binary. Either refer to
the
distributor or vendor of your Apache build for updated binaries, or apply the
patch
to the sources, where available, and recompile the server.
Users of older versions of Apache on Win32 and OS2 platforms are cautioned to to
upgrade to 1.3.19 and apply this fix. All Win32 and OS2 users are strongly
encouraged
to upgrade to 1.3.20 once it is released. A large number of Win32 bugs have
been
identified over time, and 1.3.20 will introduce more fixes for Win32.
Configuration help for Windows users is by peer-support at the newsgroup:
news:comp.infosystems.www.servers.ms-windows
---------------------------------------------------------------------
You have received this mail because you are subscribed to the
[EMAIL PROTECTED] mailing list.
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
----- Fin del Mensaje reenviado -----
--------------------------------------------
Mario A. Guerra - [EMAIL PROTECTED]
Administrador de Sistemas
--------------------------------------------
--
�Desea desuscribirse? Escriba a [EMAIL PROTECTED] con
el tema "unsubscribe".
