Root exploit in the wild

Lamar Owen lowen at
Mon Feb 11 14:55:58 UTC 2008

On Sunday 10 February 2008, Frank Cox wrote:

Hmm.  I wonder if this is how the recent apache hosted servers were rooted 
remotely, even though the official explanation was password compromise.  
While this particular issue is a local exploit, if you can get code to run on 
the box as some user local to that box then you could get a remote exploit 
through this local one.

Any local exploit can easily become a remote exploit if script injection into 
rich app servers is possible.

Thanks for posting.
Lamar Owen

More information about the fedora-list mailing list