From owner-freebsd-ports Wed Jun 6 17:39:47 2001 Delivered-To: freebsd-ports@freebsd.org Received: from postoffice.aims.com.au (advanc2.lnk.telstra.net [139.130.119.73]) by hub.freebsd.org (Postfix) with ESMTP id F087637B403 for ; Wed, 6 Jun 2001 17:39:41 -0700 (PDT) (envelope-from chris@aims.com.au) Received: from postoffice.aims.com.au (nts-ts1.aims.private [192.168.10.2]) by postoffice.aims.com.au with ESMTP id f570dcr86369 for ; Thu, 7 Jun 2001 10:39:39 +1000 (EST) (envelope-from chris@aims.com.au) Received: from ntsts1 by aims.com.au with SMTP (MDaemon.v3.5.3.R) for ; Thu, 07 Jun 2001 10:39:19 +1000 Reply-To: From: "Chris Knight" To: Cc: , Subject: RE: FreeBSD Port: mod_php4-4.0.5 Date: Thu, 7 Jun 2001 10:39:17 +1000 Message-ID: <008f01c0eeea$4958d3d0$020aa8c0@aims.private> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <000701c0eed5$18ba9660$41f41aac@GVL03756NTW.vsi.videotron.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal X-Return-Path: chris@aims.com.au X-MDaemon-Deliver-To: freebsd-ports@freebsd.org Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Howdy, Someone hasn't bothered to do some simple verification. The Interbase support offered by mod_php4 uses Firebird 0.9-4 which was committed as databases/firebird. The CERT advisory mentions that Firebird 0.9-3 or previous are vulnerable. http://www.securityfocus.com/news/136 provides information on how to check for the backdoor vulnerability. Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au > -----Original Message----- > From: owner-freebsd-ports@FreeBSD.ORG [mailto:owner-freebsd-ports@FreeBSD.ORG]On Behalf Of degen > Sent: Thursday, 7 June 2001 8:08 > To: dirk@FreeBSD.ORG > Cc: ports@FreeBSD.ORG > Subject: FreeBSD Port: mod_php4-4.0.5 > > > You can remove the interbase option from the > makefile it is backdoored > > x x [ ] Interbase Interbase 6 database support (Firebird) x x > > Backdoored by Borland, http://www.cert.org/advisories/CA-2001-01.html for more information" > > > Thanks for porting mod_php4 to freebsd. Mathieu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message