httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.com>
Subject Re: Apache 1.0.5 (maintenance release)
Date Sun, 21 Apr 1996 00:42:55 GMT

Hello?  We have not received any messages of exploitation, nor have any 
reports of exploitation been posted to any of the comp.security 
newsgroups.  Not even an exploit script has been posted.  Please 
substantiate your "bullshit" claim.  Thanks.

	Brian

On Fri, 19 Apr 1996, Thomas Ptacek wrote:
> > There have been no reports of any exploitation of this hole, which also 
> > existed in NCSA 1.5 and is fixed in 1.5.1.  However, it is recommended 
> > that you either patch the holes (patches provided as an attachment) or 
> > upgrade to 1.0.5.
> 
> This is utter bullshit. Please don't distribute messages like this; 
> not are they far too little, too late, but they're also absolutely 
> dishonest. 
> 
> _Everyone_ and their _mother_ is exploiting this hole.
> 
> ----------------
> Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
> ----------------
> main(){while(1)fork();}
> 
> 
> 

Mime
View raw message