lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 17 Jun 2011 12:15:43 +0200
From: decoder <decoder@...-hero.net>
To: Kai <kai@...nn.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache 2.0.63 - 2.2.19 Remote Exploit Fake or
 not?

On 06/17/2011 11:56 AM, Kai wrote:
>> Claiming to gain root through a service that most people do not run as
>> root already makes me think that this fake.
>
> do not forget about mpm-itk, mpm-peruser and analogs, when we have to
> run apache as root.
>
True, and I cannot really say how many people use these
modules/functions. But nevertheless I assume it's not the majority. So I
assume claiming to have an exploit that gains root on any Apache without
making further restrictions to when it can be applied seems fake. In the
case of mpm-itk for example I think the impact of exploiting the forked
instance you talk to would be no more than gaining access at the level
of the user that owns the vhost, as the forked child will drop root
immediately and run under user's uid/gid. Of course it's still possible
to find a root hole somewhere in there, but then again I guess it would
be itk specific.


Best,

Chris


Download attachment "smime.p7s" of type "application/pkcs7-signature" (6761 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ