BugTraq
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 10 2013 02:52PM
Tobias Kreidl (tobias kreidl nau edu) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 10:44AM
Reindl Harald (h reindl thelounge net) (2 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 08:15PM
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 08:53PM
Reindl Harald (h reindl thelounge net) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 09:56PM
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 10:30PM
Reindl Harald (h reindl thelounge net) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 05:28PM
Coderaptor (coderaptor gmail com) (3 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 07:03PM
Jeffrey Walton (noloader gmail com)
RE: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 06:56PM
Peter Gregory (Peter Gregory tommybahama com)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 06:11PM
Reindl Harald (h reindl thelounge net) (3 replies)
Re: Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 10:26AM
Marco Floris (marco floris jaimeria org)
In my opinion we got two problems about that.

In some cases tools are user unfriendly. And a bit cryptic...but surely the sysadmin have to take care of it.

the other question is: the human guilt. Let's assume that the problem is not Apache or PHP. If i shoot my foot with my gun...the problem is not the gun.

Let's also assume that many people aren't not so smart and didn't like to read about or keep informed. Definetly they aren't sysadmin but...in many cases

they work as well in this role.

We are talking about security (aren't we?) so the first problem is the human element.

ps

PHP is a great scripting language, very useful and powerful but isn't used in a creative way at all. PHP only for web develompent? it's a real pity.

--
marco floris

[ reply ]
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 10:42PM
Brandon M. Graves (bgraves slicer-net com)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 09:39PM
coderaptor (coderaptor gmail com)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 12:50PM
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 11 2013 03:39PM
Reindl Harald (h reindl thelounge net)


 

Privacy Statement
Copyright 2010, SecurityFocus