a few months ago fixes both vectors.
--
Eric Jacobs
Junior Systems Administrator
Bluehost.com
/** Apache Symlink Exploiter.
*
* Proof of concept for exploit where symlinks to files with non-matching UIDs
* are served by Apache even when Options +SymLinksIfOwnerMatch is enabled
arbitrary files.
I'll go ahead and submit a more detailed email to the security. More
feedback from the devs is appreciated.
--
Eric Jacobs
Junior Systems Administrator
Bluehost.com
standards
that are in place (e.g, it doesn't work at all on Windows), but I wanted
to put it out there anyway.
The patch that fixes the vulnerability is attached. Thank you in advance
for the feedback.
--
Eric Jacobs
Junior Systems Administrator
Bluehost.com
diff -rupN httpd-2.2.23-orig/modules