[JaxPM] FW: Apache Week issue 261
JONES, WILLIAM C
wcjones at exchange.fccj.org
Fri Aug 31 11:43:35 CDT 2001
On the jacksonville-pm-list; Jax.PM'er "JONES, WILLIAM C" <wcjones at exchange.fccj.org> wrote -
Anyone using *SQL products within Apache? You may wish to share with
Apache/SQL developers...
HTH/Sx :]
-----Original Message-----
From: Apache Week
To: apacheweek at apacheweek.com
Sent: 8/31/2001 12:18 PM
Subject: Apache Week issue 261
Security vulnerability found in third-party modules
RUS-CERT has discovered a vulnerability that affects several
third-party Apache authentication modules that use SQL databases to
store authentication information. An external attacker can make use
of this vulnerability to obtain arbitrary data from your server.
The modules known to be affected include:
* AuthPG
* mod_auth_mysql
* mod_auth_oracle
* mod_auth_pgsql
* mod_auth_pgsql_sys
If you are using one of these modules, or any other module to
authenticate against a SQL database, read [4]the full advisory and
update your module.
Also -
In the wake of the Code Red worm, Joe "Zonker" Brockmeier warns
Unix and Linux administrators running the Apache Web Server not to
let their guard down in this tongue-in-cheek but apt piece entitled
[9]"Thinking about Security". I'm sure many of you will find his
advice on how to stop your boss from embarrassing himself useful.
______________________________________________________________
References
http://cvs.apache.org/viewcvs.cgi/~checkout~/httpd-test/flood/examples/round-robin.xml?content-type=text/plain&only_with_tag=HEAD
http://httpd.apache.org/docs/misc/perf-tuning.html#compiletime
http://cert.uni-stuttgart.de/advisories/apache_auth.php
http://www.apacheref.com/
http://www.samag.com/articles/2001/0109/0109h/0109h.htm
http://www.unixreview.com/articles/2001/0108/0108m/0108m.htm
Jax.PM Moderator's Note:
This message was posted to the Jacksonville Perl Monger's Group listserv.
The group manager can be reached at -- owner-jacksonville-pm-list at pm.org
to whom send all praises, complaints, or comments...