On Tue, 18 Jun 2002, Horatio B. Bogbindero wrote:

> On Tue, Jun 18, 2002 at 01:25:38PM +0800, Ian C. Sison wrote (wyy sez):
> >
> > Hoo-boy, looks like another round of updates for all ye sysads...
> >
> > II. Impact
> >
> > For Apache versions 1.3 through 1.3.24 inclusive, this vulnerability
> > may allow the execution of arbitrary code by remote attackers. Several
> > sources have reported that this vulnerability can be used by intruders
> > to execute arbitrary code on Windows platforms. Additionally, the
> > Apache Software Foundation has reported that a similar attack may
> > allow the execution of arbitrary code on 64-bit UNIX systems.
> >
>
> looks like we 32-bit Unix guys are immune? of course, we are not taking our
> chances right?
>
No, 32 bit systems will core dump, and the result is effectively a DoS, and if done correctly, will result in apache continually spawning and respawning the httpd binary. On systems which have apache statically linked to a lot of modules, this bring up and tear down can be costly resource wise.

My suggestion is security by obsolescence: use apache 1.2 !!!

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
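The crash-and-respawn pattern described in the reply shows up in the Apache error log as a run of child-exit notices. The following is an added example, not part of the original message: a small detector that flags bursts of crashed children. The log line format, the sample lines, and the threshold and window values are assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines in the Apache 1.3 error_log style (not from the post).
SAMPLE_LOG = """\
[Tue Jun 18 13:25:38 2002] [notice] child pid 2101 exit signal Segmentation fault (11)
[Tue Jun 18 13:25:39 2002] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Tue Jun 18 13:25:41 2002] [notice] child pid 2102 exit signal Segmentation fault (11)
[Tue Jun 18 13:25:44 2002] [notice] child pid 2107 exit signal Segmentation fault (11)
[Tue Jun 18 13:25:47 2002] [notice] child pid 2109 exit signal Segmentation fault (11)
[Tue Jun 18 13:25:52 2002] [notice] child pid 2113 exit signal Segmentation fault (11)
[Tue Jun 18 14:40:02 2002] [notice] child pid 2250 exit signal Segmentation fault (11)
"""

# Parent-process notice written when a child dies on a signal (assumed format).
CRASH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
    r"exit signal (?P<sig>.+?) \((?P<num>\d+)\)"
)

def parse_crashes(text):
    """Yield (timestamp, pid, signal_number) for each child-crash line."""
    for line in text.splitlines():
        m = CRASH_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, int(m["pid"]), int(m["num"])

def find_crash_bursts(text, threshold=5, window_seconds=60):
    """Return (start, end, count) for each burst of >= threshold crashes in the window."""
    window, bursts, in_burst = deque(), [], False
    for ts, _pid, _sig in parse_crashes(text):
        window.append(ts)
        # Drop crashes that fell out of the sliding window.
        while ts - window[0] > timedelta(seconds=window_seconds):
            window.popleft()
        if len(window) >= threshold:
            if in_burst:  # extend the burst already being reported
                start, _end, count = bursts[-1]
                bursts[-1] = (start, ts, count + 1)
            else:
                bursts.append((window[0], ts, len(window)))
                in_burst = True
        else:
            in_burst = False
    return bursts

if __name__ == "__main__":
    print(find_crash_bursts(SAMPLE_LOG))
```

A single isolated segfault, like the 14:40 line in the sample, stays below the threshold and is not reported; only the sustained run is.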
