Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- From: ret28 at cam.ac.uk (Richard Thrippleton)
- Subject: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- Date: Tue, 27 Feb 2007 00:37:17 +0000
On Mon Feb 26 21:15, Nikolay Kichukov wrote: > Lool, > how long has this bug been around? Almost a year, looking at that original patch that caused the problem. To be fair, nobody had commented on the security issues until I stumbled across them a month ago though. > Sounds scary. Yeah, scared me when I first saw it and realised how vulnerable I'd been for so long. What's also scary is the complete lack of action on what is a fairly serious problem. I used to think that the Debian project had a sane attitude to security. Maybe all the good developers have gone to Ubuntu. Richard
- References:
- [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- From: Richard Thrippleton
- [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- From: Nikolay Kichukov
- [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- Prev by Date: [Full-disclosure] ViewCVS 0.9.4 issues
- Next by Date: [Full-disclosure] ViewCVS 0.9.4 issues
- Previous by thread: [Full-disclosure] Local user to root escalation in apache 1.3.34 (Debian only)
- Next by thread: [Full-disclosure] rPSA-2007-0040-1 firefox
- Index(es):