Re: OT. A Problem with IT
On 15/05/10 02:34 AM, Brian Christmas wrote: G'day listers Friend of mine got this email from his strictly PC IT manager, blaming him for an attack on his network via my mates Power Mac (which is on the network). I can't really help him, but knowing you guys, someone will know what's going on. This IT guy is very, very anti Mac. Asterisks are mine. Any advice please. Regards Santa Your friend's IT has made a reasonable request and your friend should comply. In addition, change the initialization so that Apache does not automatically start on rebooting would be an extra mile to show good faith. A contrite email would also help. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
I don't know much about all this stuff, but from your previous posts, I'd think your friend doesn't need to have Web Sharing on for the things he does. The System Preferences panel "Sharing" has many check boxes for different network features, so he can deactivate Personal Web Sharing (and Apache) without affecting his ability to access the network. Maybe Bruce (what a helpful genius you are!) can comment if this is good advice. On May 16, 7:07 am, Brian Christmas wrote: > On 16/05/2010, at 2:45 PM, Bruce Johnson wrote: > > > > > > > On May 15, 2010, at 6:09 PM, Brian Christmas wrote: > > >> Sorry, I forgot to add, in response to questions, that the OS is 10.6.3, > >> and he has to keep his Mac on the network, no choice (he's running a > >> script of mine t hat automatically processes incoming email artwork, and > >> prints it, and also saves three redundant compressed copies to a PC > >> server). > > > Then his results looking up Apache configs and the like should be identical > > to mine. I see (or did until we put a lot of ACL's on our networkl at work) > > tons of attempts at php and other exploits, but because the bad guys are > > trying doesn't mean they succeed. > > > I'm not familiar with the device that those log excerpts came from, though. > > > -- > > Bruce Johnson > > University of Arizona > > College of Pharmacy > > Information Technology Group > > > Institutions do not have opinions, merely customs > > G'day Bruce > > From memory, I think they're running a Novell based PC network. I don't know > much about PC networks, so couldn't help him. I just Applescripted to send > the files to a folder on a dedicated disk linked to the Server. They have > multiple Macs to process artwork, and an ignorant IT manager who keeps > telling upper management that Macs are a problem. Stupid thing is, the tasks > that my applescript carries out are impossible to do automatically with a > windows PC, yet IT wants to be rid of them. Mac support is purely executed by > the Mac users. > > Regards > > Santa > > And what, you ask, was the beginning of it all? > And it is this.. > Existence that multiplied itself > For sheer delight of being > And plunged with numberless trillions of forms > So that it might > find > itself > innumerably > > Sri Aurobindo > > -- > You received this message because you are a member of G-Group, a group for > those using G3, G4, and G5 desktop Macs - with a particular focus on Power > Macs. > The list FAQ is athttp://lowendmac.com/lists/g-list.shtmland our netiquette > guide is athttp://www.lowendmac.com/lists/netiquette.shtml > To post to this group, send email to g3-5-list@googlegroups.com > For more options, visit this group athttp://groups.google.com/group/g3-5-list -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
On 16/05/2010, at 2:45 PM, Bruce Johnson wrote: > > On May 15, 2010, at 6:09 PM, Brian Christmas wrote: > >> Sorry, I forgot to add, in response to questions, that the OS is 10.6.3, and >> he has to keep his Mac on the network, no choice (he's running a script of >> mine t hat automatically processes incoming email artwork, and prints it, >> and also saves three redundant compressed copies to a PC server). >> > > Then his results looking up Apache configs and the like should be identical > to mine. I see (or did until we put a lot of ACL's on our networkl at work) > tons of attempts at php and other exploits, but because the bad guys are > trying doesn't mean they succeed. > > I'm not familiar with the device that those log excerpts came from, though. > > -- > Bruce Johnson > University of Arizona > College of Pharmacy > Information Technology Group > > Institutions do not have opinions, merely customs G'day Bruce >From memory, I think they're running a Novell based PC network. I don't know >much about PC networks, so couldn't help him. I just Applescripted to send the >files to a folder on a dedicated disk linked to the Server. They have multiple >Macs to process artwork, and an ignorant IT manager who keeps telling upper >management that Macs are a problem. Stupid thing is, the tasks that my >applescript carries out are impossible to do automatically with a windows PC, >yet IT wants to be rid of them. Mac support is purely executed by the Mac >users. Regards Santa And what, you ask, was the beginning of it all? And it is this.. Existence that multiplied itself For sheer delight of being And plunged with numberless trillions of forms So that it might find itself innumerably Sri Aurobindo -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
On May 15, 2010, at 6:09 PM, Brian Christmas wrote: Sorry, I forgot to add, in response to questions, that the OS is 10.6.3, and he has to keep his Mac on the network, no choice (he's running a script of mine t hat automatically processes incoming email artwork, and prints it, and also saves three redundant compressed copies to a PC server). Then his results looking up Apache configs and the like should be identical to mine. I see (or did until we put a lot of ACL's on our networkl at work) tons of attempts at php and other exploits, but because the bad guys are trying doesn't mean they succeed. I'm not familiar with the device that those log excerpts came from, though. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
If that is the case what is his complaint. I seriously doubt that it is a php script which is handling this process. It is most likely some version of a bash script. Like I said before, you will never convince this guy he is wrong about Macs. Peace, Dennis in Victoria Brian Christmas wrote: Sorry, I forgot to add, in response to questions, that the OS is 10.6.3, and he has to keep his Mac on the network, no choice (he's running a script of mine t hat automatically processes incoming email artwork, and prints it, and also saves three redundant compressed copies to a PC server). Regards Santa And what, you ask, was the beginning of it all? And it is this.. Existence that multiplied itself For sheer delight of being And plunged with numberless trillions of forms So that it might find itself innumerably Sri Aurobindo -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
Sorry, I forgot to add, in response to questions, that the OS is 10.6.3, and he has to keep his Mac on the network, no choice (he's running a script of mine t hat automatically processes incoming email artwork, and prints it, and also saves three redundant compressed copies to a PC server). Regards Santa And what, you ask, was the beginning of it all? And it is this.. Existence that multiplied itself For sheer delight of being And plunged with numberless trillions of forms So that it might find itself innumerably Sri Aurobindo -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
> > On May 14, 2010, at 11:34 PM, Brian Christmas wrote: > >> G'day listers >> >> Friend of mine got this email from his strictly PC IT manager, blaming him >> for an attack on his network via my mates Power Mac (which is on the >> network). >> >> I can't really help him, but knowing you guys, someone will know what's >> going on. >> >> This IT guy is very, very anti Mac. >> >> Asterisks are mine. >> >> >> Any advice please. G'day, and thanks folks. Answers passed on. Warmest regards, Santa And what, you ask, was the beginning of it all? And it is this.. Existence that multiplied itself For sheer delight of being And plunged with numberless trillions of forms So that it might find itself innumerably Sri Aurobindo -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
On May 14, 2010, at 11:34 PM, Brian Christmas wrote: > G'day listers > > Friend of mine got this email from his strictly PC IT manager, blaming him > for an attack on his network via my mates Power Mac (which is on the network). > > I can't really help him, but knowing you guys, someone will know what's going > on. > > This IT guy is very, very anti Mac. > > Asterisks are mine. > > > Any advice please. Apache on the Mac does not come with mod_php enabled by default; if web sharing is turned off, apache isn't running. Have you friend do this (with his IT guy, if the windows droid has any clue regarding unix) Start Terminal. grep php /private/etc/apache2/httpd.conf You will most likely get: #LoadModule php5_modulelibexec/apache2/libphp5.so The hash at the beginning of the line indicates that it's a comment, and so the module is NOT running. to find out if httpd is running, look in activity monitor, or do this in terminal: sudo ps aux | grep httpd Password: If Apache is running you'll get : _www 120 0.0 0.0 2455412948 ?? S 7:30AM 0:00.00 /usr/sbin/httpd -D FOREGROUND root25 0.0 0.3 2455412 6468 ?? Ss7:30AM 0:00.37 /usr/sbin/httpd -D FOREGROUND johnson369 0.0 0.0 2437432892 s000 S+8:23AM 0:00.00 grep httpd If it isn't all you'll get is: johnson369 0.0 0.0 2437432892 s000 S+8:23AM 0:00.00 grep httpd If Apache is running do this in terminal httpd -M And you'll get a list of all loaded modules (this is the default Snow leopard list) : Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) authn_file_module (shared) authn_dbm_module (shared) authn_anon_module (shared) authn_dbd_module (shared) authn_default_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_dbm_module (shared) authz_owner_module (shared) authz_default_module (shared) auth_basic_module (shared) auth_digest_module (shared) cache_module (shared) disk_cache_module (shared) mem_cache_module (shared) dbd_module (shared) dumpio_module (shared) ext_filter_module (shared) include_module (shared) filter_module (shared) substitute_module (shared) deflate_module (shared) log_config_module (shared) log_forensic_module (shared) logio_module (shared) env_module (shared) mime_magic_module (shared) cern_meta_module (shared) expires_module (shared) headers_module (shared) ident_module (shared) usertrack_module (shared) setenvif_module (shared) version_module (shared) proxy_module (shared) proxy_connect_module (shared) proxy_ftp_module (shared) proxy_http_module (shared) proxy_ajp_module (shared) proxy_balancer_module (shared) ssl_module (shared) mime_module (shared) dav_module (shared) status_module (shared) autoindex_module (shared) asis_module (shared) info_module (shared) cgi_module (shared) dav_fs_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) imagemap_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) bonjour_module (shared) If your friend IS running apache and does have php running, just make sure php is up-to-date. Finally... NONE of this has diddley squat to do with it being a Mac. ANY system running Apache/PHP could be affected. -- Bruce Johnson "Wherever you go, there you are" B. Banzai, PhD -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
Does anyone else see anything missing from the list of "Affected Products?" Like anything from Redmond, Washington, USA? Hmmm...? This list looks like a whole lotta bullshite! I work with M$, Linux and Mac OS-X on a daily basis. I am a certified Cisco Networking Instructor. This is pure fear, uncertainty, and doubt. Windows has been known for YEARS to have numerous PHP exploits that they will NOT patch because it would disrupt one of their "features." The IT guy's servers most likely have numerous php scripts running on them now if he has anything like an intraweb running. The only thing a Mac person can do in this situation is move his Mac off the network. You will not change this guy's mind. Peace, Dennis in Victoria Sri Gupta wrote: > On May 15, 1:34 am, Brian Christmas wrote: G'day listers Friend of mine got this email from his strictly PC IT manager, blaming him for an attack on his network via my mates Power Mac (which is on the network). I can't really help him, but knowing you guys, someone will know what's going on. This IT guy is very, very anti Mac. Asterisks are mine. Any advice please. Regards Santa PHP is a widely deployed scripting language, designed for web based development and CGI programming. PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions which are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used for the vulnerable functions to cause arbitrary attacker-supplied instructions to be executed. PHP is invoked through webservers remotely. It may be possible for remote attackers to execute this vulnerability to gain access to target systems. A vulnerable PHP interpreter module is available for Apache servers that is often enabled by default. Affected Products •Cobalt Control Station 4100CS •Cobalt Qube3 4000WG •Cobalt Qube3 Japanese 4000WGJ •Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ •Cobalt Qube3 Japanese w/Caching 4010WGJ •Cobalt Qube3 w/ Caching and RAID 4100WG •Cobalt Qube3 w/Caching 4010WG •Cobalt RaQ 550 •Cobalt RaQ XTR 3500R •Cobalt RaQ XTR Japanese 3500R-ja •Cobalt RaQ4 3001R •Cobalt RaQ4 Japanese RAID 3100R-ja •Cobalt RaQ4 RAID 3100R •Compaq Secure Web Server PHP •Corporate Server •Engarde Secure Linux •LX50 •Linux •Linux Mandrake •Mac OS X •MediaBase •Multi Network Firewall •OpenLinux Server •OpenLinux Workstation •PHP •Secure Linux •Secure OS software for Linux •Single Network Firewall -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: OT. A Problem with IT
What version of OS X is he running? Apache is active if he has "Web Sharing" enabled in 10.5, I think it's called "Personal Web Sharing" in 10.4. -sri On May 15, 1:34 am, Brian Christmas wrote: > G'day listers > > Friend of mine got this email from his strictly PC IT manager, blaming him > for an attack on his network via my mates Power Mac (which is on the network). > > I can't really help him, but knowing you guys, someone will know what's going > on. > > This IT guy is very, very anti Mac. > > Asterisks are mine. > > Any advice please. > > Regards > > Santa > > Begin forwarded message: > > > > > > > Subject: wtf is this guy taking about? > > > Pls, if you can find time I've a favor can you clue me in to what to tell > > this fn IT guy who sent me the below and my VICE PRESIDENT this > > Begin forwarded message: > > > Take a look at the two messages that I got from the firewall. And then the > > reference material below that. Try to figure out what your system is trying > > to do. The ip address you were going to doesn't show up in DNS and it only > > shows up as an Akamai site provided by MCI / Verizon. It is possible > > you're running Apache as part of something else that got installed any you > > are not intentionally using it. Look for a process called httpd. That > > would be the server process running. Kill it and stop it from running > > automatically if you didn't set it up. If you did, try getting updates so > > fix this hole. > > > Subject: NetScreen Event Alarms Reported From UEI-SSG140 > > > [1] 2010-05-14 12:42:54 [Root]system-critical-00601: > > HTTP:APACHE:MODPHP-UPLOAD-HOF has been detected from 150.2.0.***/57750 to > > **.*.**,***/** through policy 8 1 times. > > > [2] 2010-05-14 12:42:49 [Root]system-critical-00601: > > HTTP:APACHE:MODPHP-UPLOAD-HOF has been detected from 150.2.0.***/57749 > > to**.*.**,***/** through policy 8 1 times. > > > Researched meaning. > > > HTTP:APACHE:MODPHP-UPLOAD-HOF > > Description > > This signature detects attempts to exploit a known vulnerability against > > mod_php in Apache. Attackers can send a maliciously crafted HTTP POST > > request to execute arbitrary code on the affected server. > > Severity > > CRITICAL > > Group > > HTTP:APACHE > > Supported By > > sos-5.1.0, idp-sos-3.0, sos-5.2.0, idp-3.2.0, sos-5.3.0-Default, > > sos-5.3.0-SMB-Server, idp-4.0.0, idp-3.2r2, idp-4.1.0, idp-sos-3.4.0, > > idp-jsrx-9.4, idp-sos-3.5.0, idp-srx-9.2, idp-4.2.0, idp-jservices-9.4, > > idp-5.0.0, idp-jsr-9.5, idp-sos-3.4.125129, idp-4.0.110090709, > > idp-4.0.110090831, idp-4.1.110090831, idp-4.2.110090831, idp-5.0.110090831, > > idp-sos-3.1.134269, idp-sos-3.5.134268, idp-4.2.110091104, > > idp-5.0.110091104, idp-4.1.110091104, idp-sos-3.1.134919, > > idp-sos-3.4.134907, idp-sos-3.5.134907, idp-4.1.110100209, > > idp-4.2.110100209, idp-5.0.110100209 > > Extended Description > > PHP is a widely deployed scripting language, designed for web based > > development and CGI programming. PHP does not perform proper bounds > > checking on in functions related to Form-based File Uploads in HTML > > (RFC1867). Specifically, this problem occurs in the functions which are > > used to decode MIME encoded files. As a result, it may be possible to > > overrun the buffer used for the vulnerable functions to cause arbitrary > > attacker-supplied instructions to be executed. PHP is invoked through > > webservers remotely. It may be possible for remote attackers to execute > > this vulnerability to gain access to target systems. A vulnerable PHP > > interpreter module is available for Apache servers that is often enabled by > > default. > > Affected Products > > •Cobalt Control Station 4100CS > > •Cobalt Qube3 4000WG > > •Cobalt Qube3 Japanese 4000WGJ > > •Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ > > •Cobalt Qube3 Japanese w/Caching 4010WGJ > > •Cobalt Qube3 w/ Caching and RAID 4100WG > > •Cobalt Qube3 w/Caching 4010WG > > •Cobalt RaQ 550 > > •Cobalt RaQ XTR 3500R > > •Cobalt RaQ XTR Japanese 3500R-ja > > •Cobalt RaQ4 3001R > > •Cobalt RaQ4 Japanese RAID 3100R-ja > > •Cobalt RaQ4 RAID 3100R > > •Compaq Secure Web Server PHP > > •Corporate Server > > •Engarde Secure Linux > > •LX50 > > •Linux > > •Linux Mandrake > > •Mac OS X > > •MediaBase > > •Multi Network Firewall > > •OpenLinux Server > > •OpenLinux Workstation > > •PHP > > •Secure Linux > > •Secure OS software for Linux > > •Single Network Firewall > > References > > •X-Force: 8281 > > •BugTraq ID: 4183 > > •CVE: CVE-2002-0081 > > •http://www.juniper.net/security/auto/vulnerabilities/vuln1085.html > > And what, you ask, was the beginning of it all? > And it is this.. > Existence that multiplied itself > For sheer delight of being > And plunged with numberless trillions of forms > So that it might > find > itself > innumerably > > Sri Aurobindo > > -- > You received this message because you are a member of G-Group, a group for > those using G3, G4, and G5 des
OT. A Problem with IT
G'day listers Friend of mine got this email from his strictly PC IT manager, blaming him for an attack on his network via my mates Power Mac (which is on the network). I can't really help him, but knowing you guys, someone will know what's going on. This IT guy is very, very anti Mac. Asterisks are mine. Any advice please. Regards Santa Begin forwarded message: > Subject: wtf is this guy taking about? > > Pls, if you can find time I've a favor can you clue me in to what to tell > this fn IT guy who sent me the below and my VICE PRESIDENT this > Begin forwarded message: > > > Take a look at the two messages that I got from the firewall. And then the > reference material below that. Try to figure out what your system is trying > to do. The ip address you were going to doesn't show up in DNS and it only > shows up as an Akamai site provided by MCI / Verizon. It is possible you're > running Apache as part of something else that got installed any you are not > intentionally using it. Look for a process called httpd. That would be the > server process running. Kill it and stop it from running automatically if you > didn't set it up. If you did, try getting updates so fix this hole. > > > Subject: NetScreen Event Alarms Reported From UEI-SSG140 > > [1] 2010-05-14 12:42:54 [Root]system-critical-00601: > HTTP:APACHE:MODPHP-UPLOAD-HOF has been detected from 150.2.0.***/57750 to > **.*.**,***/** through policy 8 1 times. > > [2] 2010-05-14 12:42:49 [Root]system-critical-00601: > HTTP:APACHE:MODPHP-UPLOAD-HOF has been detected from 150.2.0.***/57749 > to**.*.**,***/** through policy 8 1 times. > > > Researched meaning. > > HTTP:APACHE:MODPHP-UPLOAD-HOF > Description > This signature detects attempts to exploit a known vulnerability against > mod_php in Apache. Attackers can send a maliciously crafted HTTP POST request > to execute arbitrary code on the affected server. > Severity > CRITICAL > Group > HTTP:APACHE > Supported By > sos-5.1.0, idp-sos-3.0, sos-5.2.0, idp-3.2.0, sos-5.3.0-Default, > sos-5.3.0-SMB-Server, idp-4.0.0, idp-3.2r2, idp-4.1.0, idp-sos-3.4.0, > idp-jsrx-9.4, idp-sos-3.5.0, idp-srx-9.2, idp-4.2.0, idp-jservices-9.4, > idp-5.0.0, idp-jsr-9.5, idp-sos-3.4.125129, idp-4.0.110090709, > idp-4.0.110090831, idp-4.1.110090831, idp-4.2.110090831, idp-5.0.110090831, > idp-sos-3.1.134269, idp-sos-3.5.134268, idp-4.2.110091104, idp-5.0.110091104, > idp-4.1.110091104, idp-sos-3.1.134919, idp-sos-3.4.134907, > idp-sos-3.5.134907, idp-4.1.110100209, idp-4.2.110100209, idp-5.0.110100209 > Extended Description > PHP is a widely deployed scripting language, designed for web based > development and CGI programming. PHP does not perform proper bounds checking > on in functions related to Form-based File Uploads in HTML (RFC1867). > Specifically, this problem occurs in the functions which are used to decode > MIME encoded files. As a result, it may be possible to overrun the buffer > used for the vulnerable functions to cause arbitrary attacker-supplied > instructions to be executed. PHP is invoked through webservers remotely. It > may be possible for remote attackers to execute this vulnerability to gain > access to target systems. A vulnerable PHP interpreter module is available > for Apache servers that is often enabled by default. > Affected Products > •Cobalt Control Station 4100CS > •Cobalt Qube3 4000WG > •Cobalt Qube3 Japanese 4000WGJ > •Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ > •Cobalt Qube3 Japanese w/Caching 4010WGJ > •Cobalt Qube3 w/ Caching and RAID 4100WG > •Cobalt Qube3 w/Caching 4010WG > •Cobalt RaQ 550 > •Cobalt RaQ XTR 3500R > •Cobalt RaQ XTR Japanese 3500R-ja > •Cobalt RaQ4 3001R > •Cobalt RaQ4 Japanese RAID 3100R-ja > •Cobalt RaQ4 RAID 3100R > •Compaq Secure Web Server PHP > •Corporate Server > •Engarde Secure Linux > •LX50 > •Linux > •Linux Mandrake > •Mac OS X > •MediaBase > •Multi Network Firewall > •OpenLinux Server > •OpenLinux Workstation > •PHP > •Secure Linux > •Secure OS software for Linux > •Single Network Firewall > References > •X-Force: 8281 > •BugTraq ID: 4183 > •CVE: CVE-2002-0081 > •http://www.juniper.net/security/auto/vulnerabilities/vuln1085.html > > > > > > And what, you ask, was the beginning of it all? And it is this.. Existence that multiplied itself For sheer delight of being And plunged with numberless trillions of forms So that it might find itself innumerably Sri Aurobindo -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list