Just a note to all that don't know about this one - there are a LOT of still vulnerable servers out there, there have also been exploits published and in the wild for FreeBSD, OpenBSD, NetBSD and rumors of win32 exploits, linux exploits and solaris exploits, if you haven't upgraded your web server for the past 2 years, now is your chance :-) Also of note, some apps that come bundled with precompiled versions of apache's web server will need vendor supplied patches, you should all check with your vendors to find out what they are doing and what their upgrade paths will be. There is a scanner available from http://www.eeye.com that you can use :-) how accurate it is I'm not sure, but if its reporting is true then my alteon, a number of Apple based servers and a few M$ IIS/4.0 servers are also vulnerable to this bug :-) tho I think they may simply be bogus reports due to the way it checks for the vulnerability.. -- Steve. - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog