Apache Issues Fix For Win32, OS/2 bug

← Back to Stories (view on slashdot.org)

Apache Issues Fix For Win32, OS/2 bug

Posted by Hemos on Sunday May 27, 2001 @05:56PM from the fixing-the-bugs dept.

dthor writes "An exploit was discovered that allows a malicious user to terminate the Apache server 1.3.x running on Win32 or OS2. Apache has released a patch. 'Users of older versions of Apache on Win32 and OS2 platforms are cautioned to to upgrade to 1.3.19 and apply this fix. All Win32 and OS2 users are strongly encouraged to upgrade to 1.3.20 once it is released.'"

9 comments

Min score:

Reason:

Sort:

Re:HA! See? by smooc · 2001-06-10 20:31 · Score: 1

OS = OpenSource

DUH!

--
- In Memoriam: Jeroen de Bruin (1972-2004), bye bro
Submitted that... by Orbital+Sander · 2001-05-29 07:04 · Score: 1

From my submit story page:

2001-05-22 17:58:16 Apache 1.3.20 Released (articles,apache) (rejected)

That was a week ago today... kinda disappointing. Do I get rejected because I post from MSIE on a Mac?

--

What Would the Fab Five Do?
1. Re:Submitted that... by wizzy403 · 2001-05-30 05:26 · Score: 1
  
  I did the same thing the day after you:
  
  2001-05-23 18:31:39 Apache 1.3.20 is available (articles,apache) (rejected)
  
  I'm guessing that someone was asleep at the switch and thought it had already been posted. *shrug*
2. Re:Submitted that... by lmd · 2001-05-30 14:08 · Score: 1
  
  I submitted this news just a few hours after he (Orbital Sander) posted it and before your post.
  
  2001-05-22 21:49:22 Apache 1.3.20 is now available (articles,apache) (rejected)
  
  Oh well. I hope they accept my post when Apache 2.0 (nonbeta) is available.
  
  --
  
  Just my $0.04 (adjusted for inflation)
Re:HA! See? by nirvdrum · 2001-06-06 01:19 · Score: 1

And what does a URI issue that attacks the server have to do with the OS? This kind of an attack is what gives IIS a bad name.

--
If there was a "-1 Not Funny", that'd be my most used mod.
1.3.20 by green+pizza · 2001-05-28 11:56 · Score: 2

1.3.20 has been out for what, 5 days already? Yeesh, look at the Freshmeat Slashbox from time to time.
1. Re:1.3.20 by epicurus · 2001-05-29 01:40 · Score: 2
  
  yeah, but the windoze binaries are always a few days (sometimes a week or more) behind in getting released...
  
  --
  
  terradot, growing awareness
Re:HA! See? by ConsumedByTV · 2001-06-03 22:52 · Score: 2

Yea your right, but because its OS it got patched ASAP, no cover up, no stock holders to kiss ass to, just fixed the problem and didnt even have to fill a report.

The Lottery:

--

"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Apache 1.3.20 is released by geirt · 2001-05-27 18:17 · Score: 4

... users are strongly encouraged to upgrade to 1.3.20 once it is released.

Here is the Release Announcement for 1.3.20

The relevant part of the changelog:

* A carefully constructed URI could cause the server to segfault on Win32 and OS/2, denying access to users until the error was cleared. This is resolved on both platforms, no server data vulnerability was identified for this denial of service exploit.

--

RFC1925