Subject: Not really an advocacy :-(
To: None <,>
From: Ing.,BcA. Ivan Dolezal <>
List: tech-security
Date: 06/21/2002 17:09:04

Question # 1:

June 17, 2002

- Internet Security Systems Security Advisory: Remote Compromise
   Vulnerability in Apache HTTP Server
- Apache Security Bulletin
- CERT Advisory

June 18, 2002

- updated Apache Security Bulletin

June 19, 2002

- FBI's National Infrastructure Protection Center Advisory
- Linux Weekly News report
- Apache releases 1.3.26
- Debian, Red Hat Linux release their packages (for free)
- "Package apache-1.3.24 has a remote-root-shell vulnerability"
   message from audit-packages

June 20, 2002

- Gobbles aka apache_scalp.c presented

June 21, 2002

...problem still not mentioned at
...problem still not mentioned at
(last audit from Jun 6 05:00)
...insecure 1.3.24 still available from the package collection

Unfortunately the same situation with OpenBSD web (the primary target of 

How should I believe in *BSD's commitment to security? While BSD is 
talking about high quality software, Linux people actually did something.
Am I missing something?

Question # 2:

What are my chances of doing something like Openwall's stuff 
( with *BSD?