Re: Apache FreeBSD exploit released

From: Brett Glass (
Date: 06/23/02

Date: Sat, 22 Jun 2002 16:57:36 -0600
To: <>, <>
From: Brett Glass <>

At 04:48 PM 6/22/2002, wrote:

>Anyone know of any ports or tools i could use on my servers to watch out
>for something like this?

You can probably use some of the ideas I presented at the January BSDCon.
Either the Apache SetEnvIf regexes or the SNOBOL log monitor will work
for this one. See for more.


P.S. -- I'm still working on the replacement logging system mentioned in
that paper. It has an entirely new architecture; the hard part has been
backward compatibility with older Unices and with programs that expect to
communicate with syslogd.

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message