On Feb 11, 2008 8:55 AM, Lamar Owen <lowen@xxxxxxxx> wrote: > On Sunday 10 February 2008, Frank Cox wrote: > > https://bugzilla.redhat.com/show_bug.cgi?id=432229 > > Hmm. I wonder if this is how the recent apache hosted servers were rooted > remotely, even though the official explanation was password compromise. > While this particular issue is a local exploit, if you can get code to run on > the box as some user local to that box then you could get a remote exploit > through this local one. > > Any local exploit can easily become a remote exploit if script injection into > rich app servers is possible. I'd be surprised if those systems were running kernels that are this new. John
