Bugtraq mailing list archives
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
From: terry white <twhite () aniota com>
Date: Sat, 10 Aug 2013 10:29:42 -0700 (PDT)
... ciao: : on "8-10-2013" "Gichuki John Chuksjonia" writ: : most of the Admins who handle webservers : in a network are also developers name , just a "few" : most of the organizations will always need to cut on expenses, history suggests, security breaches, are NOT a profit center. : and as we know i'd prefer, that you not include me in that knowledge base. things like: : most of the developers will just look into finishing work and : making it work AND : So if something doesn't run due to httpd.conf, you will find these : guys loosening server security, therefore opening holes to the : infrastructure AND : From: guess who < NotMyDomain @ gmail.com > do not typically inspire confidence, or the illusion of a working knowledge about the subject at hand. on a parallel track. i'm a ham, WD0FPC, and every so often a new operator, sets about becoming an "expert", offering their "two cents" worth. i am yet to see a case in which it didn't go one of three ways; (a) left the hobby, (b) became an operator worthy of license class, and (c), didn't. computing, and amateur radio, both the classic 'community', with knowledge as lifeblood, and the willingness to help its life energy. in some schools of thought, both individually, and collectively, a deserved respect inherent. solidified ignorance, flawed assumptions, and faulty logic, able to ignore all that. for a while ... -- ... it's not what you see , but in stead , notice ...
Current thread:
- Apache suEXEC privilege elevation / information disclosure king cope (Aug 07)
- Message not available
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure king cope (Aug 07)
- Message not available
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Michal Zalewski (Aug 11)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Tobias Kreidl (Aug 11)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure king cope (Aug 07)
- Message not available
- Re: Apache suEXEC privilege elevation / information disclosure Kingcope (Aug 09)
- RE: [Full-disclosure] Apache suEXEC privilege elevation / Dico Emil (Aug 09)
- Message not available
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Gichuki John Chuksjonia (Aug 10)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton (Aug 10)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 10)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white (Aug 11)