[Gllug] Apache REMOTE ROOT exploit

Mark Lowes hamster at korenwolf.net
Fri Jun 21 11:03:08 UTC 2002


On Fri, 2002-06-21 at 11:47, Thom May wrote:
> > If you're running a publicly accessible server then reading at least
> > bugtraq is a minimum for getting a good night's sleep IMHO.  Though I
> > really could have done without having to upgrade a stuffing great pile
> > of apache installs all over the network this week.
> 
> Agreed, but how many distributions _don't_ install apache virtually by
> default? Any user on dial up is potentially vulnerable to this.

True, though it just proves the case that you should learn what you're
using, not just assume the vendor is doing the 'right thing', and of
course 'the right thing' changes over time.  Once upon a time shipping
with sendmail installed, running and relaying to anywhere for anyone was
the 'right thing'; now it's a disemboweling offence :)

Makes me glad I firewall to hell and back for personal stuff.

-- 
The Flying Hamster <hamster at korenwolf.net>     
http://www.korenwolf.net/
Ah, good old trustworthy beer. My love for you will never die.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



