ACCESS CONTROL PROBLEM in NCSA httpd

Rob McCool (robm@ncsa.uiuc.edu)
Fri, 25 Mar 1994 10:02:46 --100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: George Phillips: "Re: folding elements"
Previous message: John C. Mallery: "Re: Collapsible/expandable list"

A vulnerability has been identified with NCSA httpd 1.1's access
control. The impact of this is that if you have files which are
protected by httpd's access control via the global ACF access.conf,
the protection can be circumvented and access can be gained to the
files regardless of the client's DNS hostname, host IP address, or
HTTP user name.

Any users of NCSA httpd 1.1 should pick up a patch from
ftp://ftp.ncsa.uiuc.edu/Web/ncsa_httpd/httpd_1.1/httpd-access-patch and
recompile httpd immediately. The distribution binaries and .tar files
have also been updated so that binary users can install a new copy of
the httpd binary and have the patch installed.

Thanks for your patience.

--Rob

--
Rob McCool, robm@ncsa.uiuc.edu
Software Development Group, National Center for Supercomputing Applications
It was working ten minutes ago, I swear...
<A HREF="http://hoohoo.ncsa.uiuc.edu/~robm/sg.html">A must see.</A>

Next message: George Phillips: "Re: folding elements"
Previous message: John C. Mallery: "Re: Collapsible/expandable list"