Re: apache security issue (with upstream new release)

To: <debian-security@lists.debian.org>
Subject: Re: apache security issue (with upstream new release)
From: <roman@rs-labs.com>
Date: Sat, 1 Nov 2003 21:44:05 +0100 (CET)
Message-id: <[🔎] 1122.62.37.139.38.1067719445.squirrel@www.hosting-seguridad.com>
In-reply-to: <20031101120433.GB6432@lupe-christoph.de>
References: <20031030060940.GA6350@dijkstra.csh.rit.edu> <200310300804.h9U84ma21199@mms-r00.iijmio.jp> <20031030163443.GD6350@dijkstra.csh.rit.edu> <44749.80.58.1.46.1067532574.squirrel@www.hosting-seguridad.com> <20031030172109.GJ6350@dijkstra.csh.rit.edu> <cgn2qv8ri3g7dcqarjd8vi248pm5952c9i@4ax.com> <20031030190435.GN6350@dijkstra.csh.rit.edu> <u155qvo92kfljja6mump9fq36mir7n9o3k@4ax.com> <20031031172342.GY6350@dijkstra.csh.rit.edu> <[🔎] 1219.80.103.155.210.1067680996.squirrel@www.hosting-seguridad.com> <20031101120433.GB6432@lupe-christoph.de>

Ups, my apologies. You're completely right. I meant "remote access with
apache user rights".
-R

> On Saturday, 2003-11-01 at 11:03:16 +0100, roman@rs-labs.com wrote:
>
>> - the bug is quite serious (local root, at minimun)
>
> I wonder how a user would obtain root priviledges by overrunning an
> Apache worker process. Unless, of course, the admin was clever enough
> to run Apache with "User root".
>
> Lupe Christoph
> --
> | lupe@lupe-christoph.de       |
> http://www.lupe-christoph.de/ | | "Violence is the resort of the
> violent" Lu Tze                         | | "Thief of Time", Terry
> Pratchett                                       |

Reply to:

References:
- Re: apache security issue (with upstream new release)
  - From: <roman@rs-labs.com>

Prev by Date: Re: passwd character limitations
Next by Date: Re: apache security issue (with upstream new release)
Previous by thread: Re: apache security issue (with upstream new release)
Next by thread: Re: apache security issue (with upstream new release)
Index(es):
- Date
- Thread