Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 07:05:16 PDT

  • Next message: Alexander Yurchenko: "Re: Another flaw in Apache?"

    On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:
    > Don't forget this is not a serious vulnerability in many configurations (if the
    > user already has permission to run cgi scripts without suexec, SSI, etc).
    
      Indeed, the fact that any user can stop the whole web server, or launch
    commands as the web server uid despite the use of suexec is not serious.
    
    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 08:58:19 PDT