All the latest UK technology news, reviews and analysis
|
|
|
21 Mar 2002
Silicon Graphics (SGI) has admitted that its IRIX operating system is vulnerable to hackers when it runs the Apache web server.
Two security flaws affect IRIX versions 6.5.12, 6.5.13 and 6.5.14 running Apache versions prior to 1.3.22.
SGI says the risk is so bad that if users cannot upgrade they should disable Apache.
The first vulnerability is in Apache's split-logfile program, a tool used to manage logfiles. If the feature is turned on, a hacker could rewrite any file with a .log extension on the system and give them full access.
SGI said that Split-logfile is not turned on by default.
The other security flaw was found in Apache's Multiviews facility, which customises web content for browsers.
Using some configurations, a hacker could return to a directory listing and discover the locations of sensitive files on the system.
There is no patch for the flaws and SGI says that users should upgrade to an operating system newer than 6.5.14, which includes a newer version of Apache.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Our client, a leading IT services and consulting organization...
Midweight PHP Developer // LAMP // HTML // CSS...
My client a leading global financial company is seeking...
QA Test Analyst – Selenium RC – Java – Automation – Bug...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?