Trustix Apache-SSL RPM Permissions Vulnerability

The RPM for Apache-SSL distributed with Trustix Secure Linux was misconfigured such that the httpsd binary installed world-writable by default. As the daemon runs as root, this could easily lead to privelege escalation for local users.


 

Privacy Statement
Copyright 2010, SecurityFocus