Re: Apache FreeBSD exploit released

From: Brett Glass (brett@lariat.org)
Date: 06/23/02


Date: Sat, 22 Jun 2002 16:57:36 -0600
To: <jps@funeralexchange.com>, <kzaraska@student.uci.agh.edu.pl>
From: Brett Glass <brett@lariat.org>

At 04:48 PM 6/22/2002, jps@funeralexchange.com wrote:

>Anyone know of any ports or tools i could use on my servers to watch out
>for something like this?

You can probably use some of the ideas I presented at the January BSDCon.
Either the Apache SetEnvIf regexes or the SNOBOL log monitor will work
for this one. See http://www.brettglass.com/logmonitors/paper.html for more.

--Brett

P.S. -- I'm still working on the replacement logging system mentioned in
that paper. It has an entirely new architecture; the hard part has been
backward compatibility with older Unices and with programs that expect to
communicate with syslogd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message