On Wed, Feb 4, 2015 at 8:43 PM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>> On Feb 4, 2015, at 7:23 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
>>
>> On Wed, Feb 4, 2015 at 6:32 PM, Warren Young <wyml@xxxxxxxxxxx> wrote:
>>>
>>> An LPE can only be used against your system by logged-in users.
>>
>> Or any running program - like a web server.
>
> That’s not what LPE means. “L” = “local”, meaning you are logged-in interactively to the server, or have the ability to execute arbitrary commands remotely, which comes to the same thing.
>
> The only way Apache can be used in conjunction with an LPE to provide root access is via something like Shellshock.
The instance I saw used a java web server, but server bugs that allow
allow execution of arbitrary commands have been fairly numerous -
shellshock might have worked too. And that's all you need to turn
what you thought was a local vulnerability into a remote one.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
