[CentOS] Another Fedora decision

Thu Feb 5 03:10:24 UTC 2015
Les Mikesell <lesmikesell at gmail.com>

On Wed, Feb 4, 2015 at 8:43 PM, Warren Young <wyml at etr-usa.com> wrote:
>> On Feb 4, 2015, at 7:23 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>>
>> On Wed, Feb 4, 2015 at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>>> An LPE can only be used against your system by logged-in users.
>>
>> Or any running program - like a web server.
>
> That’s not what LPE means.  “L” = “local”, meaning you are logged-in interactively to the server, or have the ability to execute arbitrary commands remotely, which comes to the same thing.
>
> The only way Apache can be used in conjunction with an LPE to provide root access is via something like Shellshock.

The instance I saw used a java web server, but server bugs that
allow execution of arbitrary commands have been fairly numerous -
shellshock might have worked too.  And that's all you need to turn
what you thought was a local vulnerability into a remote one.

-- 
   Les Mikesell
     lesmikesell at gmail.com