httpd-dev mailing list archives

From Rob Hartill <>
Subject Apache security problems (fwd)
Date Thu, 16 Jan 1997 00:53:36 GMT

Does anyone who actually did some of the work fixing the holes want to
talk to Nick ?

If you just watched as others fixed it (like me), don't use this
just to get some personal PR points :-)

The answers seem to be

	- the seriousness is unknown since we're not aware of an exploit
	   it could affect any of the N00,000 users of Apache.
	- ?
	- no
	- the potential to add new code/data into the program where it
	   should be.

Check with Brian that he hasn't already responded.

---------- Forwarded message ----------
Date: Wed, 15 Jan 1997 15:20:15 -0800
From: Nick Wingfield <>
To: Rob Hartill <>
Subject: Apache security problems


I saw the alert on the security problems in Apache 1.1.1. Would you mind
answering a few questions for an article that I'm doing on the security
problems? (I'd like to quote your responses unless you prefer that I don't.) 

--Can you tell me how serious the problems were and how many users they
might affect? 
--How could the problems be exploited by someone? 
--To your knowledge, has anyone exploited the security holes in Apache?
--What does "scribbling a memory stack" mean in laymen's terms? 

Thanks for your help, Rob. I'm filing my article this afternoon so email me
as soon as you can.



P.S. I've also emailed Brian Behlendorf, but because of my deadline I thought
I'd try to contact you as well.
