[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SunOS : web server misconfiguration

To: SKTENNEY@uci.edu, root@pasteur.ics.uci.edu, root@suns.lib.uci.edu, DBLOK@uci.edu, TOMCHECK@uci.edu, root@data.acs.uci.edu, root@tsunami.acs.uci.edu, MMTAPPER@uci.edu, BBURGESS@uci.edu, TWALKER@uci.edu, root@wave.eng.uci.edu, EBURSEY@uci.edu, DLMCMURR@uci.edu, root@ea-taurus.acs.uci.edu, HHAMBER@uci.edu, LONGMUIR@uci.edu, RESCHREI@uci.edu, root@orion-xt.acs.uci.edu, DBISOM@uci.edu, WWRECKER@uci.edu, WIEDEMAN@uci.edu, VGMCDONE@uci.edu, SHWHITE@uci.edu, CHWONG@uci.edu, SRWHITE@uci.edu, SMYANNON@uci.edu, DSLATER@uci.edu, root@turina1.eng.uci.edu, root@frisbee.rgs.uci.edu, JWKELLEY@uci.edu, root@ea-rigel.acs.uci.edu, HCLIM@uci.edu, CEWRIGHT@uci.edu, AAPKARIA@uci.edu, STERLING@uci.edu, GHEALEY@uci.edu, ZIGGY@uci.edu
Subject: SunOS : web server misconfiguration
Date: Wed, 09 Jul 1997 13:53:06 -0700
Date: Wed, 09 Jul 1997 13:53:06 -0700
Cc: oac_unix@hydra.acs.uci.edu
Delivery-date: Wed, 09 Jul 1997 13:55:13 -0700

Some UCI systems have web servers running as "root".

While this is not a direct vulnerability in itself, it is widely
reguarded as a misconfiguration, and does allow crackers to gain root
access relatively easily.

If you have a contract with DCS, we'll be fixing this for you.

[This notice is a part of OAC's efforts to keep the campus informed of
potential computer security liabilities.  Please send any questions or
concerns to us at DCS@UCI.EDU]

Prev by Date: WIN :[Fwd: [NTSEC] GetAdmin Hotfix]
Next by Date: CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading
Previous by thread: WIN :[Fwd: [NTSEC] GetAdmin Hotfix]
Next by thread: CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading
Index(es):
- Date
- Thread