Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> On Feb 4, 2015, at 4:14 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> 
> On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>>>> 
>> Most such vulns are against Apache, PHP, etc, which do not run as root.
> 
> Those are common.  Combine them with anything called a 'local
> privilege escalation' vulnerability and you've got a remote root
> exploit.

Not quite.  An LPE can only be used against your system by logged-in users.

To make a blended attack that can read /etc/shadow from an LPE, you need either SSH access or a remote shell vuln, not an arbitrary file read vuln.  Holes that expose an unintended remote shell are quite a bit rarer than ones that allow a service like Apache to send you any file their non-root account has permission to read.

It’s a bit like calling lightning to find a system where both types of vulnerabilities are available at the same time.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos





[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux