[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-team] /cgi-bin/phf & apache logs



A propos du scan de /cgi-bin/phf:

extraits de:
http://mistral.aviary-mag.com/text/PHF.html

"The PHF white pages directory services program distributed with the NCSA
httpd, versions 1.5a and earlier, and also included in the Apache
distribution prior to version 1.0.5, [...] Unauthorized access to the server
host may allow an intruder to read, modify, or destroy files."

"With phf, a hacker can execute commands on the server host using the same
user-id as the user running the "httpd" server."

Bref Apache version > 1.0.5 => pas de probleme.
---
Claude Iyi Dogan - * ciyidogan@icon.be <mailto:ciyidogan@icon.be> 
Icon ® - realize your net value - http://www.icon.be
Gossetlaan 32    B-1702 Brussels - Belgium
tel * +32 2 467 95 30 - fax *  +32 2 467 95 49



---------
Visit the Linux Supertore Online: http://www.redcorp.com !
If you want to be deleted from the list, send a mail to
majordomo@rtfm.be with "unsubscribe linux-team" in the body.
Archive of the list: http://tania.be.linux.org/