Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Attempts to push spam through apache

from [Alex Butcher, ISC/ISYS] Network Security [Permanent Link]
Subject: Re: Attempts to push spam through apache
Date: Tue, 24 Aug 2004 15:55:07 +0100


--On 22 August 2004 23:02 -0700 David Benfell <benfell@parts-unknown.org> wrote:

On Sat, 21 Aug 2004 23:51:47 -0500, Gabriel Orozco wrote: 

I know there are other, newer apache versions, but SuSE doesn't have
them. I  disabled apache until the client authorizes the fix proposed
(upgrade from  sources).

SuSE, and other distributors, commonly preserve the version number of
software even as they patch the versions they offer to fix
vulnerabilities.  It's a headache because it means you have to look at
their README files and other documentation to see if they've fixed the
vulnerabilities you're looking for.

But apparently, it avoids breaking their package management systems.

This is because they backport the security fixes to older versions. This means that you can have more confidence that applying the updates won't break other functionality that you're relying upon. So it's not so much avoiding breaking their package management systems, as it is avoiding having to ship new versions of packages that depend upon the updated packages, and in turn breaking things all over the place.

<http://www.redhat.com/advice/speaks_backport.html>

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Attempts to push spam through apache, Jan Knutar
Next by Date:  Reverse SSH tunelling, Raistlin Majere
Previous by Thread:  Re: Attempts to push spam through apache, Jan Knutar
Next by Thread:  Re: Attempts to push spam through apache, Peter H. Lemieux
Indexes:  [Date] [Thread] [Top] [All Lists]