[Info-vax] 'Kill tool' released for unpatched Apache server vulnerability

Craig A. Berry craigberry at nospam.mac.com
Wed Aug 24 20:39:14 EDT 2011



Neil Rieck wrote:
> Just cross posting here:
> 
> 'Kill tool' released for unpatched Apache server vulnerability:
> 
> http://www.zdnet.com/blog/security/kill-tool-released-for-unpatched-apache-server-vulnerability/9304?tag=nl.e589
> 
> quote: A patch or new apache release for Apache 2.0 and 2.2 is
> expected later this week
> 
> Does anyone know if this affects the OpenVMS flavor of Apache? IIRC,
> SWS Version 2.2 is based on Apache 2.0.63

It says it requires the use of mod_deflate.  Which is not compiled in:

$ mcr apache$common:[000000]apache$httpd -v -l
Server version: Apache/2.0.63
Server built:   Sep  8 2010 22:20:56
$ mcr apache$common:[000000]apache$httpd -l
Compiled in modules:
   prefork.c
   core.c
   http_core.c
   mod_so.c

nor is it explicitly set in any configuration file on my system (which
includes the default shipping configuration file):

$ search apache$common:[conf]*.conf mod_deflate
%SEARCH-I-NOMATCHES, no strings matched

But the extension does ship with SWS:

$ dir apache$common:[modules]mod_deflate

Directory APACHE$COMMON:[MODULES]

MOD_DEFLATE.EXE;1

Total of 1 file.

So, folks who have not changed the default configuration are possibly
ok, but folks who are using mod_deflate ought to do something. What they
ought to do is retain the services of someone qualified to tell them
what they ought to do, which isn't me. I've just done the first 3
minutes of their homework for them, but the rest I leave to others.
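
The first two checks in the message above (the `httpd -l` module list and the configuration search), combined in a script that also tells an active `LoadModule` line from a commented-out one. This is an added example, not part of the original post; the configuration fragment and the module path in it are constructed, and `Include` directives are not followed, so pass in the concatenated text of every .conf file.

```python
import re

LOAD = re.compile(r"^LoadModule\s+deflate_module\b", re.I)
# Directives that put the DEFLATE filter to work once the module is present.
USE = re.compile(r"^(Set(Out|In)putFilter|AddOutputFilter(ByType)?)\b.*\bDEFLATE\b", re.I)

def compiled_in(httpd_l_output):
    """Source names printed by `httpd -l`, e.g. {'core.c', 'mod_so.c'}."""
    names = (ln.strip().lower() for ln in httpd_l_output.splitlines())
    return {n for n in names if n.endswith(".c")}

def directives(conf_text):
    """Yield (commented, text) per line, joining backslash continuations."""
    buf = ""
    for raw in conf_text.splitlines():
        raw = raw.rstrip()
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = " ".join((buf + raw).split()), ""
        if line:
            yield line.startswith("#"), line.lstrip("# \t")

def deflate_status(httpd_l_output, conf_text):
    static = "mod_deflate.c" in compiled_in(httpd_l_output)
    loaded = commented = False
    filters = []
    for is_comment, text in directives(conf_text):
        if LOAD.match(text):
            loaded |= not is_comment
            commented |= is_comment
        elif not is_comment and USE.match(text):
            filters.append(text)
    if static or loaded:
        state = "active"
    elif commented:
        state = "commented-out"   # a plain text search would still match this
    else:
        state = "not-referenced"
    return {"state": state, "filters": filters}

# `httpd -l` output as quoted in the message above.
POSTED_L = "Compiled in modules:\n   prefork.c\n   core.c\n   http_core.c\n   mod_so.c\n"
# Constructed configuration fragment; the module path is an assumption.
SAMPLE_CONF = """\
#LoadModule deflate_module modules/mod_deflate.exe
LoadModule deflate_module modules/mod_deflate.exe
AddOutputFilterByType DEFLATE \\
    text/html text/plain
"""

if __name__ == "__main__":
    print(deflate_status(POSTED_L, SAMPLE_CONF))
```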


