On Thu, Mar 07, 2002 at 08:46:29PM +0100, Manuel Bouyer wrote:
> On Thu, Mar 07, 2002 at 12:07:31AM -0500, Sean Davis wrote:
> > First, I want to thank everybody who has posted information on this - it's
> > something that (for obvious reasons) we don't want on our machines.
> >
> > I have a question, however. Does this "virus" only affect Linux hosts?
> > I personally do not run Linux, and have not for some time (all the security
> > problems being just one of many reasons, but I don't want this to become an
> > OS war)
> >
> > I run NetBSD. NetBSD has, as an option, Linux binary emulation.
> > Now, while I don't think there is any way for this virus to infect any other
> > files on your system (that you do not own) unless you are root, how exactly
> > is this program getting root?
> >
> > Stop me if I'm wrong - but this thread was originally about apache exploits.
> > Where is the vulnerability, apache, php, or what?
>
> In this specific case, the exploit is in php (unless I misunderstood the
> vulnerability it's about).
>

I think the vulnerability in question is in PHP. Is the version of PHP4 in
NetBSD pkgsrc fixed? I've disabled php in apache since I don't use it much
anyway, but I'd feel a lot better about re-enabling it if I knew it was no
longer an issue.

-- 
/~\ The ASCII                        Sean Davis
\ / Ribbon Campaign                   aka dive
 X  Against HTML
/ \ Email!               http://eros.endersgame.net:8000/~dive