On Sat, 10 Jun 2000, Ged Haywood wrote:
> Hi all,
>
> I thought this might be of interest to Apache users running Linux.
[snip]
Note that this is not a vulnerability that Apache/Linux suffers from
particularly, except in the case of a mod_perl or CGI exploit that allows
the user to get a local account on the machine, in which case he/she can
"upgrade" that account to root using this exploit.
Of course you should probably say "to hell with my 90+ days uptime" and
upgrade anyway ;-)
--
<Matt/>
Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org http://xml.sergeant.org
