Important security information regarding Server3

Jennifer Adams jma at cola.iges.org
Thu Apr 26 04:13:21 PDT 2007


This problem with security ... my assumption is that it doesn't  
affect GDS, which uses JDAP 1.1.7 (DAP 2.0). Is that correct?
Jennifer


On Apr 25, 2007, at 12:08 PM, Gallagher James wrote:

> All:
>
> A problem has been found in the Server3 software which provides a  
> way for people to run commands on the computer running the server.  
> The best fix for this problem is to upgrade to Hyrax (aka.  
> Server4). For those who want to continue running the old server, we  
> will produce a patch which you can install, although the design of  
> the new server is so much superior with respect to system security  
> that I would urge everyone to carefully weigh the benefits of  
> installing a patched version of the old server. Regardless of  
> whether you choose to upgrade to Hyrax or patch your server, you  
> should seriously consider stopping any instances of Server3 you are  
> now running until you have addressed this issue.
>
> How to determine if you have been affected by this problem: Look in  
> your web server logs for evidence of people running commands.
>
> Note that this _does not_ apply to sites already running Hyrax; this  
> problem only affects sites still running Server3.
>
> If you would like help in upgrading your server, or if you have  
> more questions, you can contact this list (you must subscribe  
> first, see http://www.opendap.org/mailLists/index.html), me  
> (jgallagher at opendap.org) or our user support  
> (support-opendap at unidata.ucar.edu). Shortly we will add information to the  
> OPeNDAP web page (opendap.org).
>
> Once we have addressed the short-term issues presented by this  
> problem, OPeNDAP will form a Security Working Group to develop a  
> set of policies concerning general security issues and responses to  
> problems. See http://docs.opendap.org/index.php/Working_Groups for  
> information about the Working Groups.
>
> We apologize for any inconvenience this may cause you.
>
> James
>
> --
> James Gallagher                jgallagher at opendap.org
> OPeNDAP, Inc                   406.723.8663
>
>
>

--
Jennifer M. Adams
IGES/COLA
4041 Powder Mill Road, Suite 302
Calverton, MD 20705
jma at cola.iges.org



More information about the Opendap-tech mailing list