On Wed, Feb 4, 2015 at 8:43 PM, Warren Young <wyml at etr-usa.com> wrote:
>> On Feb 4, 2015, at 7:23 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>>
>> On Wed, Feb 4, 2015 at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>>> An LPE can only be used against your system by logged-in users.
>>
>> Or any running program - like a web server.
>
> That’s not what LPE means. “L” = “local”, meaning you are logged-in interactively to the server, or have the ability to execute arbitrary commands remotely, which comes to the same thing.
>
> The only way Apache can be used in conjunction with an LPE to provide root access is via something like Shellshock.

The instance I saw used a java web server, but server bugs that allow execution of arbitrary commands have been fairly numerous - shellshock might have worked too. And that's all you need to turn what you thought was a local vulnerability into a remote one.

--
Les Mikesell
lesmikesell at gmail.com