[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] My updated RaQ2s show vulnerable
- Subject: Re: [cobalt-users] My updated RaQ2s show vulnerable
- From: "Peter Masloch" <peter@xxxxxxxxxxx>
- Date: Wed Jul 3 11:26:15 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Glenn,
i also have Apache 1.3.3 and have tested it with the newst Eeye tool.
The Eeye tool says that my Apache is not vulnerable
[root sbin]# ./httpd -v
Server version: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)
Server built: Jun 24 2002 22:16:13
Peter
----- Original Message -----
From: "Glenn Parsons" <gparsons@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, July 03, 2002 12:57 PM
Subject: Re: [cobalt-users] My updated RaQ2s show vulnerable
> At 07:11 PM 7/2/02 -0400, you wrote:
> >My Raq2 is fine now after the install if the sunsolve .pkg upgrade.
> >Did something go wrong during your .pkg install? Anything in
> >the logfiles?
> >Peter
> >
> >
> > > Hello All,
> > >
> > > I updated the Retina chunked scanner from http://www.eeye.com and
> > > re-scanned my servers after seeing the posts the other day. My RaQ2s,
> >which
> > > have been patched to the latest Apache patch, still show up
vulnerable.
> > >
> > > From the command-line of one RaQ2:
> > >
> > > [admin admin]$ httpd -V
> > > Server version: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)
> > > Server built: Jun 24 2002 22:16:13
> > > Server's Module Magic Number: 19980917:0
> > > Server compiled with....
> > > -D HAVE_MMAP
> > > -D HAVE_SHMGET
> > > -D USE_SHMGET_SCOREBOARD
> > > -D USE_MMAP_FILES
> > > -D USE_FLOCK_SERIALIZED_ACCEPT
> > > -D HTTPD_ROOT="/etc/httpd"
> > > -D SUEXEC_BIN="/usr/sbin/suexec"
> > > -D SHARED_CORE_DIR="/usr/lib/apache"
> > > -D DEFAULT_PIDLOG="/var/run/httpd.pid"
> > > -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
> > > -D DEFAULT_LOCKFILE="/var/run/httpd.lock"
> > > -D DEFAULT_XFERLOG="/var/log/httpd/access_log"
> > > -D DEFAULT_ERRORLOG="/var/log/httpd/error_log"
> > > -D TYPES_CONFIG_FILE="conf/mime.types"
> > > -D SERVER_CONFIG_FILE="conf/httpd.conf"
> > > -D ACCESS_CONFIG_FILE="conf/access.conf"
> > > -D RESOURCE_CONFIG_FILE="conf/srm.conf"
> > > [admin admin]$ httpd -v
> > > Server version: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)
> > > Server built: Jun 24 2002 22:16:13
> > > [admin admin]$
> > >
> > > Any comments?
> > >
> > > Thanks,
> > > Glenn
> > >
>
> Hello All,
>
> Peter, what version Apache do you have installed after the upgrade?
>
> Mine:
> [admin admin]$ httpd -v
> Server version: Apache/1.3.3 Cobalt (Unix) (Red Hat/Linux)
> Server built: Jun 24 2002 22:16:13
>
> Did you scan with the eeye.com scanner?
>
> I don't see any errors whatsoever (other than my darned ISP operating a
> Code Red-spewing Win2K server!) #$%^@$%&@#$%&!!!
>
> Thanks,
> Glenn Parsons
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>