Bug#357561: Severity

To: 357561@bugs.debian.org
Subject: Bug#357561: Severity
From: Richard Thrippleton <ret28@cam.ac.uk>
Date: Thu, 1 Mar 2007 11:19:42 +0000
Message-id: <[🔎] 20070301111942.GA4811@ret.me.uk>
Reply-to: Richard Thrippleton <ret28@cam.ac.uk>, 357561@bugs.debian.org

As the person who found and has thoroughly tested this bug, I can confirm
firsthand that this isn't just a case of apache being vulnerable with "-F"! I
specifically mentioned using the init script in the original report over a
month ago, not "-F". That is, the circumstances required to exploit this are
not 'rare'.
With this in mind, I'm still confused as to why if you can root a machine with
a buffer overflow, it's critical, but if you can root a machine using a
terminal exploit, it's not. Either way, you end up with an owned machine, the
method is unimportant.

Richard

Reply to:

Prev by Date: Bug#357561: privilege escalation hole
Next by Date: Bug#357561: privilege escalation hole
Previous by thread: Bug#357561: privilege escalation hole
Next by thread: Processing of apache_1.3.34-4.1_i386.changes
Index(es):
- Date
- Thread