| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 09 Aug 2013 20:31:43 +1000 From: Noel Butler <noel.butler@...ics.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: Apache suEXEC privilege elevation / information disclosure Who are you talking to? You keep deleting everyone else's quotes except your own so we have no idea, please stop selective quoting if you want to be taken with any grain of seriousness and expect a response. If you're not doing it deliberately, then your client seems to be breaking things :) if its in relation to my statement? This is not a vulnerability, if you disagree with that, by all means visit http://httpd.apache.org/bug_report.html Cheers On Fri, 2013-08-09 at 16:33 +0700, Kingcope wrote: > So the blackhat that Sits on ur Site and the site of ur company Since half a year will stop at the point Where its "technically incorrect" and wont escalate to root because "it doesnt have to do Anything with suexec". Its an Old vuln so let it stay , better for us and soon our Data on your boxes. > > Time to Write a Real Root exploit and dont waste the Time with sysadmins that know how to set a flag in httpd.conf , apache devs included. > Content of type "text/html" skipped Download attachment "face-smile.png" of type "image/png" (873 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists