mailing list archives
NCSA 1.4 Released
From: cklaus () iss net (Christopher Klaus)
Date: Tue, 9 May 1995 16:20:37 +1494730 (PDT)
NCSA version 1.4 was released last week and might be a good idea to
install if you are running NCSA 1.3 or below. NCSA 1.3 had several
vulnerability bugs that allow intruders to gain remote access.
Since some firewalls allowed http through to a web server, it would be
a very good idea to insure you aren't vulnerable.
It is available at ftp.ncsa.uiuc.edu.
Some recommendations when setting up a httpd server is make sure it is
running as nobody in the configuration files and if possible, run it
in a chroot environment.
Christopher William Klaus Voice: (404)441-2531. Fax: (404)441-2431
Internet Security Systems, Inc. Computer Security Consulting
2000 Miller Court West, Norcross, GA 30071
========================< http://iss.net/~iss >=========================
- NCSA 1.4 Released Christopher Klaus (Aug 24)