www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Yadallee <r...@nk.ca>
Subject os-bsdi/9661: cgi-bin scripts security violation
Date Thu, 31 Jan 2002 07:15:23 GMT

>Number:         9661
>Category:       os-bsdi
>Synopsis:       cgi-bin scripts security violation
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jan 30 23:20:00 PST 2002
>Originator:     root@nk.ca
>Release:        1.3.23
BSD/OS doctor.nl2k.ab.ca 4.2 BSDI BSD/OS 4.2 Kernel #91: Sat Jan 12 12:27:23 MST
 2002     root@doctor.nl2k.ab.ca:/usr/src/sys/compile/LOCAL  i386
Please check http://www.nk.ca/usage .  We noticed someone trying to hack into the cgi-bin
script directory
Chomd 0755 or Security patch?
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message