HP3000-L Archives

August 2002, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Johnson, Tracy" <[log in to unmask]>
Reply To: Johnson, Tracy
Date: Mon, 12 Aug 2002 09:05:47 -0400
I read the following today regarding HP-UX.

Is MPE/iX also vulnerable?

Tracy Johnson
MSI Schaevitz Sensors 

[FOR PUBLIC RELEASE]
-----BEGIN PGP SIGNED MESSAGE-----

                __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                     HP Apache Server Vulnerability in PHP 
                                [HPSBUX0208-207]

August 9, 2002 19:00 GMT                                          Number M-108
______________________________________________________________________________
PROBLEM:       The potential exists for a remotely exploitable vulnerability 
               in the portion of PHP code responsible for handling file 
               uploads, specifically multipart/form-data. 
PLATFORM:      HP9000 Servers running HP-UX release 11.00, 11.11, 11.20, and 
               11.22 with the HP Apache product installed. 
DAMAGE:        Potential for increased privilege, denial of service, or 
               execution of arbitrary code. 
SOLUTION:      Install product bundles as described below.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Exploiting this vulnerability could lead to 
ASSESSMENT:    an increase of privileges, denial of service, or execution of 
               arbitrary code. It is remotely exploitable.
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/m-108.shtml 
 ORIGINAL BULLETIN:  http://online.securityfocus.com/advisories/4362 
______________________________________________________________________________

[***** Start HPSBUX0208-207 *****]

http://www.ciac.org/ciac/bulletins/m-108.shtml

[***** End HPSBUX0208-207 *****]

-----BEGIN PGP SIGNATURE-----

[PGP signature snipped.  What?  You don't trust or believe it's from
the govern-meant?]

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
