httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Robertson" <>
Subject RE: [users@httpd] HTTPD 2.2.3 possible exploit?
Date Tue, 03 Jul 2007 06:25:37 GMT
>Chris Robertson wrote:
>> Where's the posix api and dl-functionality report?  Any specific
>> keywords to narrow it down?
>disable_*** in php.ini?
I thought you meant a vulnerability/exploit report...

>> I actually started with PHP as my most likely culprit but in digging
>> one of the servers that was compromised doesn't have any php web
>> i.e. the module is loaded but not in use.
>well, is it possible it crossed process boundries to other processes
>running as user 'wwwrun'?
Apache is the only thing running as that user.  Regardless there were
commands issue with root privs so what ever happened needed to have
gotten back to kernel space to elevate privileges. 

>Whoops.  Don't tell us you started httpd as wwwrun?  That means you
Nope standard start scripts.

Thanks for the feedback.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message