If you haven't heard... time to upgrade 1

[GoldenEternity]

If you haven't already heard, there has been a remote command execution vulnerability found in all versions of Apache. Last week, GOBBLES released a proof of concept exploit to demonstrate that not only does the hole give root, but that it will give root on OpenBSD.

This exploit is in the wild, and is likely the entry point for the monkey.org hack a few weeks back where the source code on the site was backdoored.

New versions of apache are out to fix this vuln, but be on the lookout. GOBBLES warns that they have been working on other holes in Apache as well... Given their track record, I'd believe it.

 

[fluid11]

Thanks for the info. ---------------------------------------
If someone's post was helpful to you, please click the box "Click here to mark this post as a helpful or expert post".