From: Ilker Gokhan (IlkerG@sumerbank.com.tr)
Date: Tue 15 May 2001 - 06:09:28 EEST
Ilgililere..
> Kimden: William A. Rowe, Jr. [mailto:wrowe@covalent.net]
> Tarih: Sunday, May 13, 2001 12:21 AM
> Kime: announce@apache.org
> Konu: [Announce] Apache 1.3 Security Fix Available for Win32/OS2 users
>
>
>
> Ports Affected: Windows 95, 98, ME, NT and 2000, OS2/Warp
>
> Versions Affected: 1.3 [all subverisons through .19]
>
> Patch: Available
>
> Replacement Binary: Available for Apache 1.3.19
>
> ----
>
> An exploit was recently reported that allows a malicious user
> to terminate the
> Apache server running on Win32 or OS2.
>
> Depending on the specific OS version, the server would stop
> listening to further
> requests, and prompt the operator that the Apache.exe process
> had performed an
> illegal operation, and would remain hung until the
> administrator cleared the fault.
>
> In all cases the server would not respond until it completed
> its restart, which
> could take one minute or more depending on the server's
> configuration. Any
> replies in process from the server would be terminated.
>
> No other operating systems are effected by the vulnerability.
> We are not aware
> of any exploits of this vulnerability other than the denial
> of service.
>
> The fixfault_win32_os2-1.3.19.patch file is available from:
>
> http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/
>
> Since many Win32 and OS2 users rely on soley on binary
> releases, the replacement
> for the core binary module file is available in the win32 and
> os2 directories:
>
> http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/win32/
> http://www.apache.org/dist/httpd/patches/apply_to_1.3.19/os2/
>
> Please read the information on those download pages
> carefully, and be sure to back
> up your existing ApacheCore.dll file before replacing it with
> this binary.
>
> Note that users of non-standard distributions, such as the
> Apache-EAPI extensions
> or ApacheSSL-enabled servers _cannot_ use this patched
> binary. Either refer to the
> distributor or vendor of your Apache build for updated
> binaries, or apply the patch
> to the sources, where available, and recompile the server.
>
> Users of older versions of Apache on Win32 and OS2 platforms
> are cautioned to to
> upgrade to 1.3.19 and apply this fix. All Win32 and OS2
> users are strongly encouraged
> to upgrade to 1.3.20 once it is released. A large number of
> Win32 bugs have been
> identified over time, and 1.3.20 will introduce more fixes for Win32.
>
> Configuration help for Windows users is by peer-support at
> the newsgroup:
>
> news:comp.infosystems.www.servers.ms-windows
>
>
>
>
>
>
> ---------------------------------------------------------------------
> You have received this mail because you are subscribed to the
> announce@apache.org mailing list.
> To unsubscribe, e-mail: announce-unsubscribe@apache.org
> For additional commands, e-mail: announce-help@apache.org
>
Bu e-postada bulunan tüm fikir ve görüsler ve ekindeki dosyalar sadece adres
sahib(ler)ine ait olup, Sümerbank A.S hiç bir sekilde sorumlu tutulamaz.
The information contained in this E-Mail and any files transmitted with it
are intended solely for the use of the individual or entity to whom they are
addressed and do not reflect those of Sumerbank A.S.
Listeden cikmak icin:
unsub linux
mesajini listeci@bilkent.edu.tr adresine gonderiniz.
Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin.
Listeci arayuzu: http://listweb.bilkent.edu.tr/yardim/bilkent/linux.html
Liste arsivinin adresi: http://listweb.bilkent.edu.tr/