Re: Kernel Crash Bug????

To: debian-security@lists.debian.org
Cc: Rudy Gevaert <rudy@zeus.UGent.be>
Subject: Re: Kernel Crash Bug????
From: Russell Coker <russell@coker.com.au>
Date: Tue, 15 Jun 2004 17:52:18 +1000
Message-id: <[🔎] 200406151752.18836.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20040615072441.GA28772@zeus.UGent.be>
References: <[🔎] 20040614165754.42940.qmail@web50407.mail.yahoo.com> <[🔎] 20040615072441.GA28772@zeus.UGent.be>

On Tue, 15 Jun 2004 17:24, Rudy Gevaert <rudy@zeus.UGent.be> wrote:
> Would it be possible to run that program trough e.g. perl/php/... ?
>
> A use could ftp the executable and write a php script that execute it.

Does PHP allow executing arbitary binaries?

If the user can install CGI-BIN scripts then that's a good way of running a 
kernel security attack (or other local or back-end network attack).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: Kernel Crash Bug????
  - From: David Ramsden <david@hexstream.eu.org>

References:
- Kernel Crash Bug????
  - From: peace bwitchu <peacebwitchu@yahoo.com>
- Re: Kernel Crash Bug????
  - From: Rudy Gevaert <rudy@zeus.UGent.be>

Prev by Date: Re: Kernel Crash Bug????
Next by Date: Re: Kernel Crash Bug????
Previous by thread: Re: Kernel Crash Bug????
Next by thread: Re: Kernel Crash Bug????
Index(es):
- Date
- Thread