Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 07:05:16 PDT

Next message: Alexander Yurchenko: "Re: Another flaw in Apache?"

Previous message: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
In reply to: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
Next in thread: Michal Zalewski: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:
> Don't forget this is not a serious vulnerability in many configurations (if the
> user already has permission to run cgi scripts without suexec, SSI, etc).

  Indeed, the fact that any user can stop the whole web server, or launch
commands as the web server uid despite the use of suexec is not serious.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Next message: Alexander Yurchenko: "Re: Another flaw in Apache?"
Previous message: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
In reply to: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
Next in thread: Michal Zalewski: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 08:58:19 PDT