Michael <[EMAIL PROTECTED]> wrote : i don't actually think apache could be root-exploited directly, since it has no suid-bit and does usually not run as root. This was why i did not react to it.
Maybe the author wanted to report a new worm that first exploits apache and then does a local-root-exploit. But i don't believe a direct apache-root-exploit exists, unless apache is misconfigured or using suexec or kind of that. > Maybe now we can STFU and concentrate on actual disclosure? > I'm curious as to why there has been no discussion about this apache report. > > The poster of this message didnt include any info on the details of the > problem > nor an exploit, which leaves us wondering. (The insult was cute though) > > This could be some serious isht if indeed it is true. > > Can anyone confirm/dispute? > > > -M > > -- > . Michael Jastremski > ............................................................. > .. Network Engineer > Megaglobal Networks > Megaglobal.net > ....................... > ...... Photographer > Open Photo Project > Openphoto.net > ........................ > .......... Resident > West Philadelphia > Westphila.net > ........................ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
