[nycbug-talk] Apache Vuln, mod_rewrite

Jeff Quast af.dingo at gmail.com
Wed Aug 2 13:11:27 EDT 2006


On 8/2/06, Isaac Levy <ike at lesmuug.org> wrote:
> Hi Folks,
>
> I'm emailing to somewhat gently sound the alarm, there's an esoteric
> Apache vulnerability which is not getting much attention (and from
>
> Thing is, today this hit undeadly, indeed a fine publication online-

Today? Are you saying that undeadly.org was affected by this
vulnerability today? It doesn't even run apache ...

OpenBSD announced the patch on Sunday
http://www.openbsd.org/errata.html , with the modification time of the
28th as well.
Undeadly posted the story on this on Monday.
If you are concerned about missing this sort of thing on OpenBSD
(Undeadly is for and by the openbsd community), then there are rss
feeds for this as well http://undeadly.org/cgi?action=errata . There
is no harm in using a daily crontab that uses ftp to retrieve
errata.html, doing a diff, and if different then emailing root.

I just wanted to clarify the statement "today this hit undeadly". I
don't want somebody taking this the wrong way and thinking undeadly
was hacked!!

Thanks,
jdq



More information about the talk mailing list