As per FD list post..
Does this seem valid?
FWD MESSAGE
Apache suEXEC privilege elevation / information disclosure
Discovered by Kingcope/Aug 2013
The suEXEC feature provides Apache users the ability to run CGI and SSI programs
under user IDs different from the user ID of the calling web
On 08/08/2013 09:24 AM, Nick Edwards wrote:
> As per FD list post..
> Does this seem valid?
> FWD MESSAGE
> Apache suEXEC privilege elevation / information disclosure
> Discovered by Kingcope/Aug 2013
> The suEXEC feature provides Apache users the ability to run CGI and SSI programs
> under user IDs
> The reason we can now read out any files and traverse directories owned by the
> apache user is because apache httpd displays symlinks and directory listings
> without querying suEXEC.
Displaying symlinks and directory listings is not a reason. suEXEC
changes the ID for executable content only.
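
Added example, not part of the original thread: symlink following and directory listings for static content are handled by httpd itself and controlled by the `Options` directive, so a defender can audit a configuration for where they are switched on. The sample configuration, its paths and the function name `audit_options` are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread).
SAMPLE_CONF = """\
<Directory "/home/*/public_html">
    Options Indexes FollowSymLinks ExecCGI
</Directory>
<Directory "/srv/www/hardened">
    # symlinks only when link and target share an owner; no listings
    Options -Indexes +SymLinksIfOwnerMatch
</Directory>
<Directory "/srv/www/legacy">
    Options All
</Directory>
"""
RISKY = {"followsymlinks", "indexes"}
SECTION_OPEN = re.compile(r'<Directory(?:Match)?\s+"?([^">]+)"?\s*>$', re.I)

def audit_options(conf_text):
    """Return [(directory, lineno, risky flags)] for every Options line that
    switches on FollowSymLinks or Indexes. Simplification: each line is judged
    on its own; Apache's merging of +/- across sections is not modelled."""
    findings, scope = [], ["<server>"]
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        opened = SECTION_OPEN.match(line)
        if opened:
            scope.append(opened.group(1))
            continue
        if line.lower().startswith("</directory") and len(scope) > 1:
            scope.pop()
            continue
        parts = line.split()
        if not parts or parts[0].lower() != "options":
            continue
        enabled = set()
        for tok in parts[1:]:
            name = tok.lstrip("+").lower()  # "-Indexes" keeps its "-" and matches nothing
            # "All" turns on every option except MultiViews, so it implies both
            enabled |= RISKY if name == "all" else RISKY & {name}
        if enabled:
            findings.append((scope[-1], lineno, sorted(enabled)))
    return findings

if __name__ == "__main__":
    for directory, lineno, flags in audit_options(SAMPLE_CONF):
        print(f"line {lineno}: {directory}: {', '.join(flags)}")
```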