Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Remote root exploit for mod_gzip (with debug_mode)

From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 20 Nov 2003 16:17:58 -0600 (CST)

What user does apache run as under windows deployments?

Thanks,

Ron DuFresne

On Thu, 20 Nov 2003, Ben Nelson wrote:


I s'pose it's only a 'root' exploit if you're running your webserver as
root.

--Ben

martin f krafft wrote:

also sprach Alexander Antipov <pk95 () yandex ru> [2003.11.20.2028 +0100]:


/      uid=99(nobody) gid=99(nobody) groups=99(nobody)



where is the root exploit?



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: