[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)

To: Ben Nelson <lists@venom600.org>
Subject: Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)
From: Ron DuFresne <dufresne@winternet.com>
Date: Thu, 20 Nov 2003 16:17:58 -0600 (CST)

What user does apache run as under windows deployments?

Thanks,

Ron DuFresne

On Thu, 20 Nov 2003, Ben Nelson wrote:

> I s'pose it's only a 'root' exploit if you're running your webserver as
> root.
>
> --Ben
>
> martin f krafft wrote:
> > also sprach Alexander Antipov <pk95@yandex.ru> [2003.11.20.2028 +0100]:
> >
> >>/      uid=99(nobody) gid=99(nobody) groups=99(nobody)
> >
> >
> > where is the root exploit?
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)
  - From: Ben Nelson <lists@venom600.org>

Prev by Date: Re: [Full-Disclosure] self-exec.zip
Next by Date: Re: [Full-Disclosure] OpenBSD kernel panic, yet still O*BSD much worse than MS-DoS 6.0
Previous by thread: Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)
Next by thread: Re: [Full-Disclosure] Re: Remote root exploit for mod_gzip (with debug_mode)
Index(es):
- Date
- Thread