[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4DFB294F.5070201@own-hero.net>
Date: Fri, 17 Jun 2011 12:15:43 +0200
From: decoder <decoder@...-hero.net>
To: Kai <kai@...nn.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache 2.0.63 - 2.2.19 Remote Exploit Fake or
not?
On 06/17/2011 11:56 AM, Kai wrote:
>> Claiming to gain root through a service that most people do not run as
>> root already makes me think that this fake.
>
> do not forget about mpm-itk, mpm-peruser and analogs, when we have to
> run apache as root.
>
True, and I cannot really say how many people use these
modules/functions. But nevertheless I assume it's not the majority. So I
assume claiming to have an exploit that gains root on any Apache without
making further restrictions to when it can be applied seems fake. In the
case of mpm-itk for example I think the impact of exploiting the forked
instance you talk to would be no more than gaining access at the level
of the user that owns the vhost, as the forked child will drop root
immediately and run under user's uid/gid. Of course it's still possible
to find a root hole somewhere in there, but then again I guess it would
be itk specific.
Best,
Chris
Download attachment "smime.p7s" of type "application/pkcs7-signature" (6761 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists