Date:      Wed, 20 Oct 2004 19:35:28 +0200
From:      Sebastian Schulze Struchtrup <seb@struchtrup.com>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        Remy de Ruysscher - Grip MultiMedia <deruysscher@grip.nl>
Subject:   Re: FBSD ports Apache 1.32?
Message-ID:  <4176A1E0.6030205@struchtrup.com>
In-Reply-To: <20041020110259.GA38790@zaphod.nitro.dk>
References:  <004b01c4b68d$035a25a0$a064a8c0@grip.nl> <20041020110259.GA38790@zaphod.nitro.dk>

Simon L. Nielsen wrote:

>On 2004.10.20 12:10:23 +0200, Remy de Ruysscher - Grip MultiMedia wrote:
>
>>Hi,
>>
>>I was wondering when the FBSD Ports are updated to Apache 1.32?
>>There is a known vulnerability in Apache 1.31.
>>
>>http://xforce.iss.net/xforce/xfdb/17413
>
>Well, the first requirement is that Apache 1.32 is released, which it
>isn't yet according to http://httpd.apache.org/download.cgi .

The described vulnerability is probably not really a serious problem.
It affects only the htpasswd utility and thus requires a local user to
exploit it. It is not set-uid.
Many sites don't have any (untrusted) local users and it cannot be
exploited by an http request.

If you worry about this, you can delete it (but only if you don't need
to change passwords).




