Root exploit in the wild
inode0
inode0 at gmail.com
Mon Feb 11 15:08:00 UTC 2008
On Feb 11, 2008 8:55 AM, Lamar Owen <lowen at pari.edu> wrote:
> On Sunday 10 February 2008, Frank Cox wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=432229
>
> Hmm. I wonder if this is how the recent apache hosted servers were rooted
> remotely, even though the official explanation was password compromise.
> While this particular issue is a local exploit, if you can get code to run on
> the box as some user local to that box then you could get a remote exploit
> through this local one.
>
> Any local exploit can easily become a remote exploit if script injection into
> rich app servers is possible.
I'd be surprised if those systems were running kernels that are this new.
John
More information about the fedora-list
mailing list