Security Incidents mailing list archives
Re: Apache 1.3.XX
From: "Veins" <veins () skreel org>
Date: Fri, 1 Feb 2002 22:17:35 +0100
What was the full URI ? Are you sure it wasn't some box infected with Code Red II or the like ? On a side note, how could this vulnerability yeild a root shell when apache isn't/shouldn't be running as root. -Blake
Apache runs as root. It uses a root process to bind to port 80 and to spawn and kill setuid child processes. Also, people have advised to run apache chroot()-ed, this adds another layer in the security but...is useless if the cracker actually gets to bind a root shell as it is not so hard to break out of a chroot with root privileges if you want to. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Apache 1.3.XX Russell Fulton (Feb 01)
- Re: Apache 1.3.XX Blake Frantz (Feb 01)
- Re: Apache 1.3.XX Veins (Feb 04)
- <Possible follow-ups>
- Re: Apache 1.3.XX Sten (Feb 01)
- Re: Apache 1.3.XX Blake Frantz (Feb 01)