Date: Fri, 27 Nov 1998 16:39:28 +0100 From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE> To: Eivind Eklund <eivind@yes.no>, Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE> Cc: freebsd-security@FreeBSD.ORG Subject: Re: cgi-bin/phf* security hole in apache Message-ID: <19981127163928.B29306@gil.physik.rwth-aachen.de> In-Reply-To: <19981127161408.E9226@follo.net>; from Eivind Eklund on Fri, Nov 27, 1998 at 04:14:08PM %2B0100 References: <19981126190545.A26062@gil.physik.rwth-aachen.de> <22257.912152434@axl.training.iafrica.com> <19981127105744.A28408@gil.physik.rwth-aachen.de> <19981127161408.E9226@follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 27, 1998 at 04:14:08PM +0100, Eivind Eklund wrote: > On Fri, Nov 27, 1998 at 10:57:44AM +0100, Christoph Kukulies wrote: > > Is there any danger and to what extent arising from previous or current > > apache httpd installations from the FreeBSD ports tree, especially WRT > > that phf security hole? > > > > Shouldn't the port also install the phf 'candid camera' catcher > > automatically? > > Maybe. Do you have any reference to this catcher and what it does? ports/www/apache12/work/apache_1.2.6/support/phf_abuse_log.cgi AFAIU if one puts this script into the server cgi-bin directory (currently there isn't any phf file in it either) this script becomes virulent (in the sense that it catches the wannabe intrudor). > > Eivind. -- --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981127163928.B29306>