Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- From: decoder <decoder@xxxxxxxxxxxx>
- Date: Fri, 17 Jun 2011 12:15:43 +0200
On 06/17/2011 11:56 AM, Kai wrote:
True, and I cannot really say how many people use theseClaiming to gain root through a service that most people do not run as
root already makes me think that this fake.
do not forget about mpm-itk, mpm-peruser and analogs, when we have to
run apache as root.
modules/functions. But nevertheless I assume it's not the majority. So I
assume claiming to have an exploit that gains root on any Apache without
making further restrictions to when it can be applied seems fake. In the
case of mpm-itk for example I think the impact of exploiting the forked
instance you talk to would be no more than gaining access at the level
of the user that owns the vhost, as the forked child will drop root
immediately and run under user's uid/gid. Of course it's still possible
to find a root hole somewhere in there, but then again I guess it would
be itk specific.
Best,
Chris
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- From: kernel
- Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- From: Andrew Farmer
- Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- From: decoder
- Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- From: Kai
- [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- Prev by Date: Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- Next by Date: Re: [Full-disclosure] xp sp3 remote bof
- Previous by thread: Re: [Full-disclosure] Apache 2.0.63 - 2.2.19 Remote Exploit Fake or not?
- Next by thread: [Full-disclosure] CORE-2010-1021
- Index(es):
Relevant Pages
|
