On Thu, Dec 15, 2005 at 05:20:19PM +0000, kevin bailey wrote:
> > get DDOSed in retaliation (I am guessing really). Anyways on a
> > multi-user web server it is difficult to track down the vulnerable cgi
> > unless you run the cgi's as the account owner (as opposed to all running
> > as www-data), and the conversion to suexec or cgiwrap is nontrivial
>
> good point - i installed cg-wrap before and found it was ok to install on
> debian. this should be there as a matter of course.

Make sure you install the latest version (3.9-3.1) since it removes some
security exposures that were in previous versions (not critical, that's
why there's no DSA). Backporting it to stable should be straightforward.

Regards

Javier