Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate

From: Nasir Simbolon <nasir () 3wsi com>
Date: Thu, 02 Aug 2001 13:05:36 +0700
Olaf Bohlen wrote:


But: no user (except root) should be able to gain access to nobody. so
this is not a security hole imho.

Also if you run apache-cgi's as user, apache chowns to the owner of the
cgi before executing it:




If apache run by uid nobody, All accounts system will have gain access to
nobody  if :
1. you installed php as module of apache
2. configure php as default

all you have to do is create a php script that execute code
eg.
<?php
   system("/path/to/locate-exploite");
?>
put this script in your public_html directory and access this file from
your browser.
This script will execute by php uid nobody.

note : php have directives in php.ini  to  limit system programs that can
be executed by php  :
safe_mode_exec_dir    /path/to/exec-dir-allowed
open_basedir       /path/to/open-dir-allowed

salam,
/*------------------------------------
--Nasir Simbolon // Web application developer //
--3WSI : 3WSI Web Solutions Indonesia
--http://3wsi.com
--*/
Previous By Date Next
Previous By Thread Next

Current thread: