lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 09 Aug 2013 20:31:43 +1000
From: Noel Butler <>
Subject: Re: Apache suEXEC privilege elevation /
 information disclosure

Who are you talking to? You keep deleting everyone else's quotes except
your own so we have no idea, please stop selective quoting if you want
to be taken with any grain of seriousness and expect a response. If
you're not doing it deliberately,  then your client seems to be breaking
things :)
if its in relation to my statement? This is not a vulnerability, if you
disagree with that, by all means visit 


On Fri, 2013-08-09 at 16:33 +0700, Kingcope wrote:

> So the blackhat that Sits on ur Site and the site of ur company Since half a year  will stop at the point Where its "technically incorrect" and wont escalate to root because "it doesnt have to do Anything with suexec". Its an Old vuln so let it stay , better for us and soon our Data on your boxes.
> Time to Write a Real Root exploit and dont waste the Time with sysadmins that know how to set a flag in httpd.conf   , apache devs included.

Content of type "text/html" skipped

Download attachment "face-smile.png" of type "image/png" (873 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists