[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Apache Vulnerability

Subject: Re: [cobalt-security] Apache Vulnerability
From: "Paul Wilson" <webguroo@xxxxxxxxxxxxxxx>
Date: Tue, 9 Jul 2002 09:42:29 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> http://www.extremetech.com/article2/0,3973,302776,00.asp
> It appears the fix to apache just keeps the person from getting root
> access, not from doing the DOS.

According to what I read, vulnerabilities vary according to platform.
http://www.extremetech.com/article2/0,3973,3125,00.asp  Apache for Windows
allowed the DoS a way into the server.

My understanding of the patch is that it prevents the server from locking
up.  It can't prevent a DoS attack which comes from outside anyway.  It
keeps the child processes and logging overuns from locking up the server.

Paul Wilson
webguroo@xxxxxxxxxxxxxxx


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/6/2002

References:
- [cobalt-security] RaQ4 New Serial Numbers
  - From: Chad Parker
- Re: [cobalt-security] Apache Vulnerability
  - From: David Lucas

Prev by Date: [cobalt-security] mod_ssl
Next by Date: Re: [cobalt-security] Apache Vulnerability
Previous by thread: Re: [cobalt-security] Apache Vulnerability
Next by thread: Re: [cobalt-security] Apache Vulnerability

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index