Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: Gentoo mailing list <gentoo-user@l.g.o>
Subject: [gentoo-user] apache2 AddHandler/SetHandler vulnerability
Date: Sat, 25 Apr 2015 21:23:14
1 I read about this vulnerability in the
2 2015-04-06-apache-addhandler-addtype Gentoo news item. I don't think
3 I'm using any functionality that could expose me to the problem but
4 I'd like to be able to say so for sure. Does the fact that I'm
5 up-to-date with GLSAs, I don't have PHP5 in APACHE2_OPTS (I use
6 php-fpm), along with the following (which I think is default) indicate
7 that I'm not vulnerable?
9 # grep AddHandler -R /etc/apache2
10 /etc/apache2/modules.d/70_mod_php5.conf: AddHandler
11 application/x-httpd-php .php .php5 .phtml
12 /etc/apache2/modules.d/70_mod_php5.conf: AddHandler
13 application/x-httpd-php-source .phps
14 /etc/apache2/modules.d/00_mod_mime.conf:# AddHandler allows you to map
15 certain file extensions to "handlers":
16 /etc/apache2/modules.d/00_mod_mime.conf:#AddHandler cgi-script .cgi
17 /etc/apache2/modules.d/00_mod_mime.conf:#AddHandler type-map var
18 /etc/apache2/modules.d/00_error_documents.conf: AddHandler type-map var
20 # grep AddType -R /etc/apache2
21 /etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-x509-ca-cert .crt
22 /etc/apache2/modules.d/40_mod_ssl.conf: AddType application/x-pkcs7-crl .crl
23 /etc/apache2/modules.d/00_mod_mime.conf:# AddType allows you to add to
24 or override the MIME configuration
25 /etc/apache2/modules.d/00_mod_mime.conf:#AddType application/x-gzip .tgz
26 /etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-compress .Z
27 /etc/apache2/modules.d/00_mod_mime.conf:AddType application/x-gzip .gz .tgz
28 /etc/apache2/modules.d/00_mod_mime.conf:#AddType text/html .shtml
30 - Grant


Subject Author
Re: [gentoo-user] apache2 AddHandler/SetHandler vulnerability Michael Orlitzky <mjo@g.o>