On Apr 24, 2007, at 11:01 AM, G. Donald Bain wrote:
> Can anyone shed some light on this reported vulnerability on some
> of our Mac servers?
>
> It is listed as CVE-2006-3747, described as "Off-by-one error in
> the ldap scheme handling in the Rewrite module (mod_rewrite) in
> Apache 1.3..."
>
> Is this serious? Is there an easy fix?

A first read...

http://www.kb.cert.org/vuls/id/395412

...suggests that the exploit requires mod_rewrite to be enabled, AND
to be configured with a specific sort of rules.

I don't think that these conditions are true for the default
configuration for Apache on OS X?
-Greg
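
A config check for the two conditions mentioned in the reply above, as an added example that is not part of the original thread: it reports whether mod_rewrite is loaded and lists RewriteRule lines worth a manual look. The rule heuristic (substitution beginning with a backreference or variable, and no F, G or NE flag) follows the Apache advisory for this CVE rather than anything stated in the thread; `audit_rewrite_config` and the sample configuration are constructed for illustration, and the module is assumed to be loaded with `LoadModule`.

```python
import re

# Flags that take a rule out of scope, per the Apache advisory for this CVE
# (an assumption of this example; the thread does not list them).
EXEMPT_FLAGS = {"f", "forbidden", "g", "gone", "ne", "noescape"}
# Substitution starts with a backreference or variable, i.e. client input.
CLIENT_PREFIX = re.compile(r"^(\$\d|%\d|%\{)")

def parse_flags(token):
    """'[R=301,L]' -> {'r', 'l'}"""
    inner = token.strip().strip("[]")
    return {f.split("=", 1)[0].strip().lower() for f in inner.split(",") if f.strip()}

def audit_rewrite_config(conf_text):
    """Return (module_loaded, engine_on, rules_to_review) for one config file."""
    module_loaded = engine_on = False
    review = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        directive = parts[0].lower()
        if directive == "loadmodule" and parts[1:2] == ["rewrite_module"]:
            module_loaded = True
        elif directive == "rewriteengine" and parts[1:2] and parts[1].lower() == "on":
            engine_on = True
        elif directive == "rewriterule" and len(parts) >= 3:
            substitution = parts[2].strip('"')
            flags = parse_flags(" ".join(parts[3:])) if len(parts) > 3 else set()
            if CLIENT_PREFIX.match(substitution) and not (flags & EXEMPT_FLAGS):
                review.append((lineno, raw.strip()))
    return module_loaded, engine_on, review

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
#LoadModule speling_module libexec/httpd/mod_speling.so
LoadModule rewrite_module libexec/httpd/mod_rewrite.so
RewriteEngine On
RewriteRule ^/static/(.*)$ /assets/$1 [L]
RewriteRule ^/go/(.*)$ $1 [R,L]
RewriteRule ^/old/(.*)$ $1 [R,NE]
"""

if __name__ == "__main__":
    loaded, engine, rules = audit_rewrite_config(SAMPLE_CONF)
    print("mod_rewrite loaded:", loaded, "| RewriteEngine on:", engine)
    for lineno, rule in rules:
        print("review line %d: %s" % (lineno, rule))
```

Included files and any .htaccess files carry their own rewrite rules and have to be passed through the same function separately.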
Received on Tue Apr 24 2007 - 12:09:27 PDT