DCSLIB :phf security hole
- To: SKTENNEY@uci.edu, root@pulsar.adcom.uci.edu, DBLOK@uci.edu, GAGUTMAN@uci.edu, root@kuci.uci.edu, root@foxtrot.ics.uci.edu, root@cbis.cwis.uci.edu, root@stimpy.media.uci.edu, CYU@uci.edu, TOMCHECK@uci.edu, DLMCMURR@uci.edu, DSLATER@uci.edu, MASPENCE@uci.edu, DBRANT@uci.edu, PFLODMAN@uci.edu, root@crt.biomol.uci.edu, root@khool.acs.uci.edu, SRWHITE@uci.edu, root@foxtrot-atm.ics.uci.edu, root@falco.kuci.uci.edu, JEBOBROW@uci.edu, CEWRIGHT@uci.edu, GHEALEY@uci.edu, root@masaya.eng.uci.edu, DLMILLS@uci.edu
- Subject: DCSLIB :phf security hole
- From: "Dan STROMBERG" <STROMBRG@uci.edu>
- Date: Mon, 05 May 1997 14:49:58 -0700
- Cc: oac_unix@hydra.acs.uci.edu
- Delivery-date: Mon, 05 May 1997 14:51:21 -0700
- Sender: strombrg@hydra.acs.uci.edu
Some UCI hosts are vulnerable to the well-known, commonly exploited
"phf" hole.

The hole allows remote crackers to read files on your machine. It is
particularly unsafe on machines that do not use shadow passwords.

If you do not use phf, simply remove it from your CGI directories.
If you do use it, ensure that it gets upgraded.

[This notice is a part of OAC's efforts to keep the campus informed of
potential computer security liabilities. Please send any questions or
concerns to us at DCS@UCI.EDU]