pers and presentations related to new security research.
For further information on this issue or any of our service offerings,
contact us:
Web www.security-assessment.com
Email info () security-assessment com
Phone +64 4 470 1650
--
QCSec Mark Koek
*QCSec <http://www.qcsec.com/>*
Information disclosure vulnerability in Apache Tomcat
Web version at:
http://www.qcsec.com/blog/CVE-2015-5345-apache-tomcat-vulnerab
Well, 'remote root'... The PoC asks for a working MySQL user name and
password.
And I don't really get how that account can re-set the logfile location
without SUPER privileges?
Am I wrong in thinking that this is really "just" a MySQL admin -> root
privilege escalation? Don't get me wrong,
I think the term is 'remote privilege escalation' (as opposed to local
privilege escalation). As a headline I'd suggest 'remote privilege
escalation from any MySQL user to root'.
Mark
On 23-09-16 19:20, Dawid Golunski wrote:
Hi Mark,
Thanks for that. I guess it depends which RCE definition
Thanks for your explanation. It is a very good discovery to be sure.
Yet I still think that a 'remote root' is something different - Google
gives me this for example:
https://tools.cisco.com/security/center/viewAlert.x?alertId=4061 which
is a way to directly become root from the internet throu