Full Disclosure mailing list archives
RE: Re: Remote root exploit for mod_gzip (with debug_mode)
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 20 Nov 2003 18:03:57 -0600
On Thu, 2003-11-20 at 17:31, Schmehl, Paul L wrote:
What user does apache run as under windows deployments?LOCALSYSTEM, which has no network privileges.
But in the past you have been able to use LOCALSYSTEM to create/edit an account with Administrator privileges which you can then use to gain network access. Your comment sounds like LOCALSYSTEM is harmless, and I believe that is a wrong statement. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Remote root exploit for mod_gzip (with debug_mode) Alexander Antipov (Nov 20)
- Re: Remote root exploit for mod_gzip (with debug_mode) martin f krafft (Nov 20)
- Re: Re: Remote root exploit for mod_gzip (with debug_mode) Ben Nelson (Nov 20)
- Re: Re: Remote root exploit for mod_gzip (with debug_mode) martin f krafft (Nov 20)
- Re: Re: Remote root exploit for mod_gzip (with debug_mode) Ron DuFresne (Nov 20)
- Message not available
- Re: Re: Remote root exploit for mod_gzip (with debug_mode) madsaxon (Nov 20)
- Re: Re: Remote root exploit for mod_gzip (with debug_mode) Ben Nelson (Nov 20)
- Re: Remote root exploit for mod_gzip (with debug_mode) martin f krafft (Nov 20)
- Re: Remote root exploit for mod_gzip (with debug_mode) Stephen (Nov 20)
- <Possible follow-ups>
- RE: Re: Remote root exploit for mod_gzip (with debug_mode) Schmehl, Paul L (Nov 20)
- RE: Re: Remote root exploit for mod_gzip (with debug_mode) Frank Knobbe (Nov 20)