NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your piece.


MESSAGE
DATE 2019-01-15
FROM Ruben Safir
SUBJECT [Hangout - NYLXS] Modperl security alert

CVE-2011-2767 Detail
Current Description

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl
code by placing it in a user-owned .htaccess file, because (contrary to
the documentation) there is no configuration option that permits Perl
code for the administrator's control of HTTP request processing without
also permitting unprivileged users to run Perl code in the context of
the user account that runs Apache HTTP Server processes.

Source: MITRE
Description Last Modified: 08/26/2018
Impact
CVSS v3.0 Severity and Metrics:

Base Score: 9.8 CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2.0 Severity and Metrics:

Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Impact Subscore: 10.0
Exploitability Subscore: 10.0

Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service
References to Advisories, Solutions, and Tools

Hyperlink | Resource
http://www.securityfocus.com/bid/105195 | Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:2737 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2825 | Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2826 | Third Party Advisory
https://bugs.debian.org/644169 | Issue Tracking, Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html | Mailing List, Third Party Advisory
https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E | Mailing List, Third Party Advisory
https://usn.ubuntu.com/3825-1/ | Third Party Advisory
https://usn.ubuntu.com/3825-2/ | Third Party Advisory
Technical Details

Vulnerability Type

Code Injection (CWE-94)

Vulnerable software and versions
Configuration 1
OR
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:* versions from (including)
2.0.0 up to (including) 2.0.10
Configuration 2
OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
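
A defender-side audit for the exposure described in this advisory, added here as an example and not part of the original message or the NVD entry: it lists `.htaccess` files that contain mod_perl directives and the `AllowOverride` settings under which Apache still reads such files. The directive-matching pattern is a heuristic, and the function names, user directories and sample contents are constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic (assumption of this example): mod_perl directives are named Perl...
# or open a <Perl> section; SetHandler can also route requests to mod_perl.
PERL_DIRECTIVE = re.compile(
    r"^\s*(<Perl\b|Perl\w+|SetHandler\s+(?:perl-script|modperl)\b)", re.I)
ALLOW_OVERRIDE = re.compile(r"^\s*AllowOverride\s+(.+?)\s*$", re.I)

def scan_htaccess(root, trusted_uids=(0,)):
    """Find mod_perl directives in .htaccess files under root.
    Returns (path, line number, match, owner uid, owner trusted) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        owner = os.stat(path).st_uid
        with open(path, errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                m = PERL_DIRECTIVE.match(line)
                if m:
                    findings.append((path, lineno, m.group(1),
                                     owner, owner in trusted_uids))
    return findings

def overrides_enabled(conf_text):
    """List (line number, value) for every AllowOverride other than None,
    i.e. every place where Apache still reads .htaccess files."""
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = ALLOW_OVERRIDE.match(line)
        if m and m.group(1).lower() != "none":
            hits.append((lineno, m.group(1)))
    return hits

def build_sample_tree():
    """Constructed sample: two user directories, one with a <Perl> section."""
    root = tempfile.mkdtemp(prefix="htaccess-audit-")
    samples = {"alice": "Options -Indexes\n<Perl>\n# constructed\n</Perl>\n",
               "bob": "Options -Indexes\nDirectoryIndex index.html\n"}
    for user, body in samples.items():
        os.makedirs(os.path.join(root, user))
        with open(os.path.join(root, user, ".htaccess"), "w") as fh:
            fh.write(body)
    return root
```

On a real host, point `scan_htaccess` at the document roots and feed `overrides_enabled` the text of the Apache configuration; a finding whose owner is not in `trusted_uids`, on a server running mod_perl 2.0 through 2.0.10, is the case the advisory describes.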