FBSD ports Apache 1.32?
Sebastian Schulze Struchtrup
seb at struchtrup.com
Wed Oct 20 10:34:26 PDT 2004
Simon L. Nielsen wrote:
>On 2004.10.20 12:10:23 +0200, Remy de Ruysscher - Grip MultiMedia wrote:
>
>
>>Hi,
>>
>>I was wondering when the FBSD Ports are updated to Apache 1.32?
>>There is a know vunerability in Apache 1.31.
>>
>>http://xforce.iss.net/xforce/xfdb/17413
>>
>>
>
>Well, the first requirement is that Apache 1.32 is released, which it
>isn't yet according to http://httpd.apache.org/download.cgi .
>
>
The described vulnerability is probably not really a serious problem.
It affects only the htpasswd utility and thus a local user to exploit
it. It is not set-uid.
Many sites don't have any (unstrusted) local users and it can not be
exploited by an http request.
If you worry about this, you can delete it (But only if you don't need
to change passwords).
More information about the freebsd-ports
mailing list