6 Jan
2012
6 Jan
'12
4:22 a.m.
On 1/5/2012 9:13 PM, email builder wrote:
1.) Attacker uses apache remote exploit (or other means) to obtain
your /etc/shadow file (not a remote shell, just GET the file without that fact being logged);
I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root user and /etc/shadow is root-owned and 0400, then how could any exploit of software not running as root ever have access to that file?? _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It's possible if the kernel is vulnerable to a local root exploit, and the attacker who gained entry to the system via apache, was able to use it and elevate privileges.
--
Corey Henderson
http://cormander.com/