1.De facut test am facut si am vazut ca il omoara, dar sincer, nu am facut brute force. Ai dreptate, dar de acum, e history.
2.m-am referit ca nu avea legatura apache 2.0 cu php care merge greu, asa-i? -- Spooky Mihai RUSU wrote: >On Thu, 27 Jun 2002, Paul Dorneanu wrote: > > > >>1. RH a zis ca Apache nu ar trebui sa fie o problema : >> >>Our investigations show that this bug cannot be used to gain remote access >>to a server running Apache on Red Hat Linux on 32-bit platforms, but it >>does cause the child process to die. The Apache parent process will >>notice this and start a new child process when necessary -- using more >>resources than normal. >> >> >> > >Well faceti un mic test cu exploit-ul care crashuieste apache-ul (colegii >mei au facut) pus intr-un for(;;) si vedeti ca nu e vorba de "mancarea >resurselor" ci pur si simplu devine apache-ul ala neutilizabil (si urca si >load-ul pe la x sute, si asta pe o masina care altceva nu facea, nu mai >vorbesc de una de productie). Deci chiar daca nu iti obtine shell, fara >update e foarte nashpa. > > > >>Investigations by the Apache Software Foundation show that in some cases >>64-bit platforms may have a greater exposure and could be remotely >>exploited to allow arbitrary code to be run on the server. >> >> >>2. nu vad legatura cu cele dinainte >> >> >> >Cred ca omul credea ca nu afecteaza si 2.0.x sau ca exista patch doar pt >2.0.x or somthing > >---------------------------- >Mihai RUSU > >Disclaimer: Any views or opinions presented within this e-mail are solely >those of the author and do not necessarily represent those of any company, >unless otherwise specifically stated. > >--- >Pentru dezabonare, trimiteti mail la >[EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'. >REGULI, arhive si alte informatii: http://www.lug.ro/mlist/ > > > > --- Pentru dezabonare, trimiteti mail la [EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'. REGULI, arhive si alte informatii: http://www.lug.ro/mlist/
