Re: Apache suEXEC privilege elevation / information disclosure

[Noel Butler <noel.butler () ausics net>]

Who are you talking to? You keep deleting everyone else's quotes except
your own so we have no idea, please stop selective quoting if you want
to be taken with any grain of seriousness and expect a response. If
you're not doing it deliberately,  then your client seems to be breaking
things :)
if its in relation to my statement? This is not a vulnerability, if you
disagree with that, by all means visit
http://httpd.apache.org/bug_report.html 

Cheers


On Fri, 2013-08-09 at 16:33 +0700, Kingcope wrote:

> So the blackhat that Sits on ur Site and the site of ur company Since half a year  will stop at the point Where its 
> "technically incorrect" and wont escalate to root because "it doesnt have to do Anything with suexec". Its an Old 
> vuln so let it stay , better for us and soon our Data on your boxes.
>
> Time to Write a Real Root exploit and dont waste the Time with sysadmins that know how to set a flag in httpd.conf   
> , apache devs included.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/