[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030621.5140506@blackbox.net>
From: xian at mediaclan.at (Christian Friedl)
Subject: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)
"mattmurphy@...rr.com" <mattmurphy@...rr.com> writes on
Fri, 20 Jun 2003 20:48:33 +0200 (METDST):
> Had KOEC intended to cause serious damage, that shellcode could have
> been
> written to execute:
>
> rm -rf /
>
> it is advised that users at least drop the privileges of suspect code
> with
> 'su' -- never run suspect files as highly-privileged users.
Just wanted to add: that won't help much in case it really IS a
local root exploit.
I call stuff like this "local curiosity exploit", admit to have
fallen for that kind of traps in the past and repent my sins :-)
chris
(stand1ng 1n c0rn3r, watching the x-files)
Powered by blists - more mailing lists