httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <and...@aaaaaaaa.demon.co.uk>
Subject Re: Apache CIAC advisory...
Date Sat, 20 Apr 1996 01:09:48 GMT
*** [I'm speaking for myself, this is *not* a message sanctioned
***  by any other members of Apache Group]

Hi Richard,

    can you help us out with this?!  There are a couple of problems:

1)	Apache Group were not made aware of the *new* findings published
	in the CIAC summary regarding a flaw in the src/util_script.c
	file from the Apache/1.0.3 distribution.  To date there
	has been no formal communication between CIAC and Apache
	Group.  IMHO it would be to the advantage of both CIAC and
	Apache Group if we had the chance to speak to one another
	regularly.

2)	I am not aware of any available exploit scripts which demonstrate 
	this new vunerability.  I feel sure that apache Group would
	appreciate any additional information you may have.  Mail
	to apache-bugs@apache.org is forwarded to core-developers
	only.

My, apologies if you're not the person I should be bothering with
these questions ;)

Cheers,
Ay.

Andrew.Wilson@cm.cf.ac.uk http://www.cm.cf.ac.uk/User/Andrew.Wilson/

> Andrew,
> 
> CIAC received the information for the Apache advisory (G-20) from IBM-ERS and
> NASIRC. I do not know if they have any exploit scripts or not. The
> individual you need to contact is at NASIRC and his name is Richard
> Carr at rcarr@nasamail.nasa.gov. I hope this helps.....
> 
> Thanks,
> David
> 
>  > Hi, any chanse you could post an exploit script or any other info
>  > you've got to hand to apache-bugs@apache.org .  We weren't made
>  > aware of the advisory contents prior to their release this week.
>  > 
>  > Come to think of it, any kind of contact would be most helpful.
>  > 
>  > Cheers,
>  > Ay.
>  > 
>  > Andrew.Wilson@cm.cf.ac.uk http://www.cm.cf.ac.uk/User/Andrew.Wilson/
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Computer Incident Advisory Capability (CIAC)    David L. Crawford
> (510)422-8193                                   (510)423-9905
> ciac@llnl.gov                                   crawford1@llnl.gov
> ----------------------------------------------------------------------
> 


Mime
View raw message