[CentOS] Another Fedora decision
Warren Young
wyml at etr-usa.com
Thu Feb 5 00:32:12 UTC 2015
> On Feb 4, 2015, at 4:14 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>
> On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>>
>> Most such vulns are against Apache, PHP, etc, which do not run as root.
>
> Those are common. Combine them with anything called a 'local
> privilege escalation' vulnerability and you've got a remote root
> exploit.
Not quite. An LPE can only be used against your system by logged-in users.
To make a blended attack that can read /etc/shadow from an LPE, you need either SSH access or a remote shell vuln, not an arbitrary file read vuln. Holes that expose an unintended remote shell are quite a bit rarer than ones that allow a service like Apache to send you any file their non-root account has permission to read.
It’s a bit like calling lightning to find a system where both types of vulnerabilities are available at the same time.
More information about the CentOS
mailing list