[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Apache/mod_include/SSI/CAN-2004-0940

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Apache/mod_include/SSI/CAN-2004-0940
From: Dirk-Willem van Gulik <dirkx_(_at_)_webweaving_(_dot_)_org>
Date: Thu, 30 Dec 2004 15:11:25 -0800 (PST)

I am trying to find out how a machine was compromised - and know that we
have strange SSI entries in the log. Is there any chance that the fix from
the original:

	http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_include.c?rev=1.141&view=log

for CAN-2004-0940 is -also- required for the simplified/secured version of
apache as shipped with OpenBSD 3.6 on x86 ? Or is that a non issue for the
open BSD version on intel - as it was fixed some other way ? Just looking
for avenues I can stop researching in ?

Thanks,

Dw

Prev by Date: Re: OpenBSD/i386 switches to gcc3
Next by Date: Re: OpenBSD/i386 switches to gcc3
Previous by thread: Re: OpenBSD/i386 switches to gcc3
Next by thread: Happy New Year! :)
Index(es):
- Date
- Thread

Visit your host, monkey.org