On Mon, 23 Jan 2006 15:06:55 +0100 (CET), DSA 952-1 wrote:
> ---
> Debian Security Advisory DSA 952-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Moritz Muehlenhoff
> January
On Friday 27 January 2006 11:59, Ramon Acedo wrote:
> Hello,
Hello
> As a measure I changed 777 to www-data owner + 755:
>
> find . -perm 777 -exec chmod 755 {} \; -exec chown www-data {} \;
>
> Where . was DocumentRoot
chown www-data is IMHO bad idea. Apache/CGI/PHP will still have full
(read/
-Original Message-
From: Martin Schulze [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 26, 2006 10:28 AM
To: Debian Security Announcements
Subject: [SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary
command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
Hello,
In an up-to-date Debian Sarge box yesterday I found a lot of bad
.htaccess looking like this:
Options -MultiViews
ErrorDocument 404 //foldername/time.php
I found that many of them where located in 777 directories like the
smarty templates_c. Not all of them though. It has been a system wi
4 matches
Mail list logo
