On Wed, Feb 4, 2015 at 8:43 PM, Warren Young wyml@etr-usa.com wrote:
On Feb 4, 2015, at 7:23 PM, Les Mikesell lesmikesell@gmail.com wrote:
On Wed, Feb 4, 2015 at 6:32 PM, Warren Young wyml@etr-usa.com wrote:
An LPE can only be used against your system by logged-in users.
Or any running program - like a web server.
That’s not what LPE means. “L” = “local”, meaning you are logged-in interactively to the server, or have the ability to execute arbitrary commands remotely, which comes to the same thing.
The only way Apache can be used in conjunction with an LPE to provide root access is via something like Shellshock.
The instance I saw used a java web server, but server bugs that allow allow execution of arbitrary commands have been fairly numerous - shellshock might have worked too. And that's all you need to turn what you thought was a local vulnerability into a remote one.