NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2002-q2

From: Jedi/Sector One (jpureftpd.org)
Date: Sun Jun 23 2002 - 09:05:16 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:
> Don't forget this is not a serious vulnerability in many configurations (if the
> user already has permission to run cgi scripts without suexec, SSI, etc).

Indeed, the fact that any user can stop the whole web server, or launch
commands as the web server uid despite the use of suexec is not serious.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]