|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Trustix security advisory - apache-ssl
From: Oystein Viggen (oysteivi
TRUSTIX.COM)Date: Tue Aug 15 2000 - 05:56:35 CDT
- Next message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory: FreeBSD-SA-00:35.proftpd"
- Previous message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory: FreeBSD-SA-00:38.zope"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi
Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a
Trustix system will be installed with mode 756 instead of 755, making a
binary file that will be run by root world writable. It should not be
necessary to explain why this is an extremely bad thing.
How this bug slipped through our testing I can not explain, but it is
easily removed by doing "chmod 755 /usr/sbin/httpsd". A new rpm package
has been made availible on our ftp site.
i586 RPM:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/apache-ssl-1.3.12_1.39-7tr.i586.rpm
SRPM:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/SRPMS/apache-ssl-1.3.12_1.39-7tr.src.rpm
I'll go stand in a corner with a brown paperbag over my head now...
Humbly,
Oystein
-- TSL developer
- Next message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory: FreeBSD-SA-00:35.proftpd"
- Previous message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory: FreeBSD-SA-00:38.zope"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]