Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Apache 1.3.XX
From: "Veins" <veins () skreel org>
Date: Fri, 1 Feb 2002 22:17:35 +0100
What was the full URI ?  Are you sure it wasn't some box infected with
Code Red II or the like ?

On a side note, how could this vulnerability yeild a root shell when
apache isn't/shouldn't be running as root.

-Blake


Apache runs as root. It uses a root process to bind to port 80 and to spawn
and kill
setuid child processes.

Also, people have advised to run apache chroot()-ed, this adds another layer
in the
security but...is useless if the cracker actually gets to bind a root shell
as it is not so
hard to break out of a chroot with root privileges if you want to.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]