Bug#357561: privilege escalation hole

2007-03-01 Thread Moritz Muehlenhoff
Joey Hess wrote:
> On the third hand, this bug has documented a security hole with exploit
> in apache for about 2 weeks without any reaction from its maintainers,
> and was open for many months before that without any reaction from them.
> If apache isn't being maintained, it might be better to dr

Bug#357561: privilege escalation hole

2007-03-01 Thread Daniel Leidert
On Wednesday, 28.02.2007, at 19:45 -0800, Russ Allbery wrote:
> Daniel Leidert <[EMAIL PROTECTED]> writes:
>
> > Package: apache
> > Followup-For: Bug #357561
>
> > Why isn't anybody of the official maintainers reacting or commenting on
> > this bug? There are 3(!) completely undocumented downgr

Bug#357561: Severity

2007-03-01 Thread Richard Thrippleton
As the person who found and has thoroughly tested this bug, I can confirm firsthand that this isn't just a case of apache being vulnerable with "-F"! I specifically mentioned using the init script in the original report over a month ago, not "-F". That is, the circumstances required to exploit this

Bug#357561: privilege escalation hole

2007-03-01 Thread Matthew Johnson
The description given is somewhat incorrect. The escalation exists whether run with -F or not. 033_-F_NOSETSID disables running setsid in all cases. This means that running /etc/init.d/apache start and then not closing the terminal (and people do have long-running shells like this) leaves you vuln