Date: Thu, 7 Jun 2001 10:39:17 +1000 From: "Chris Knight" <chris@aims.com.au> To: <freebsd-ports@freebsd.org> Cc: <degen@videotron.ca>, <dirk@freebsd.org> Subject: RE: FreeBSD Port: mod_php4-4.0.5 Message-ID: <008f01c0eeea$4958d3d0$020aa8c0@aims.private> In-Reply-To: <000701c0eed5$18ba9660$41f41aac@GVL03756NTW.vsi.videotron.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Howdy, Someone hasn't bothered to do some simple verification. The Interbase support offered by mod_php4 uses Firebird 0.9-4 which was committed as databases/firebird. The CERT advisory mentions that Firebird 0.9-3 or previous are vulnerable. http://www.securityfocus.com/news/136 provides information on how to check for the backdoor vulnerability. Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au > -----Original Message----- > From: owner-freebsd-ports@FreeBSD.ORG [mailto:owner-freebsd-ports@FreeBSD.ORG]On Behalf Of degen > Sent: Thursday, 7 June 2001 8:08 > To: dirk@FreeBSD.ORG > Cc: ports@FreeBSD.ORG > Subject: FreeBSD Port: mod_php4-4.0.5 > > > You can remove the interbase option from the > makefile it is backdoored > > x x [ ] Interbase Interbase 6 database support (Firebird) x x > > Backdoored by Borland, http://www.cert.org/advisories/CA-2001-01.html for more information" > > > Thanks for porting mod_php4 to freebsd. Mathieu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008f01c0eeea$4958d3d0$020aa8c0>