Re: Root exploit in the wild

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora <fedora-list@xxxxxxxxxx>
Subject: Re: Root exploit in the wild
From: Lamar Owen <lowen@xxxxxxxx>
Date: Mon, 11 Feb 2008 09:55:58 -0500
In-reply-to: <20080210163423.b468e4e8.theatre@xxxxxxxxxxx>
Organization: Pisgah Astronomical Research Institute
References: <20080210163423.b468e4e8.theatre@xxxxxxxxxxx>
Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>
User-agent: KMail/1.9.6 (enterprise 0.20071204.744707)

On Sunday 10 February 2008, Frank Cox wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=432229

Hmm.  I wonder if this is how the recent apache hosted servers were rooted 
remotely, even though the official explanation was password compromise.  
While this particular issue is a local exploit, if you can get code to run on 
the box as some user local to that box then you could get a remote exploit 
through this local one.

Any local exploit can easily become a remote exploit if script injection into 
rich app servers is possible.

Thanks for posting.
-- 
Lamar Owen
www.pari.edu

Follow-Ups:
- Re: Root exploit in the wild
  - From: inode0

References:
- Root exploit in the wild
  - From: Frank Cox

Prev by Date: Re: mod_ssl or openssl?
Next by Date: Kernel 115 Doesn't Like iwl4965
Previous by thread: Re: Root exploit in the wild
Next by thread: Re: Root exploit in the wild
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux