On Mon, Sep 19, 2011 at 6:37 AM, Rod Whitworth <glis...@witworx.com> wrote: > What a pity that people don't do any searching b4 asking.... > > STFA for this list and (IIRC) find links to the PoC tool amongst other > info.
Yes, and this has nothing to do with OpenBSD (this time). The apache foundation has adjusted the security advisory and Apache 1.3 isn't vulnerable. https://httpd.apache.org/security/CVE-2011-3192.txt > > > > On Mon, 19 Sep 2011 04:24:19 -0600, Shane Harbour wrote: > >>On 9/18/2011 9:42 PM, L. V. Lammert wrote: >>> On Sun, 18 Sep 2011, Amit Kulkarni wrote: >>> >>>> Recently there was a security issue with Apache. It was based on a >>>> perl script, search google. Maybe you are experiencing traffic and the >>>> realted problems because of that. >>>> >>> Is there any way to find out if the version in 4.3 was susceptable to the >>> attack? >>> >>> Lee >>> >> >>I believe the Apache Foundation released that Apache 1.3 is susceptable >>to this attack. However, with changes made by the devs, it's possible >>the version in OpenBSD may not be. >> >>If you have a spare box, you could always load it up and test it. I >>believe there is an Apache killer perl script floating on the 'net that >>you could use to test with. >> >>Shane >> > > *** NOTE *** Please DO NOT CC me. I <am> subscribed to the list. > Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. > > Rod/ > --- > This life is not the real thing. > It is not even in Beta. > If it was, then OpenBSD would already have a man page for it. > > -- Mattieu Baptiste "/earth is 102% full ... please delete anyone you can."
