S-278: suphp Vulnerability
Post 302189241 by Linux Bot on Friday 25th of April 2008 10:00:03 AM

It was discovered that suphp, an Apache module to run PHP scripts with owner permissions, handles symlinks insecurely, which may lead to privilege escalation by local users. The risk is LOW. May lead to privilege escalation by local users.


DBLINK_CONNECT_U(3)    PostgreSQL 9.2.7 Documentation    DBLINK_CONNECT_U(3)

NAME
dblink_connect_u - opens a persistent connection to a remote database, insecurely

SYNOPSIS
dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text

DESCRIPTION
dblink_connect_u() is identical to dblink_connect(), except that it will allow non-superusers to connect using any authentication method.

If the remote server selects an authentication method that does not involve a password, then impersonation and subsequent escalation of privileges can occur, because the session will appear to have originated from the user as which the local PostgreSQL server runs. Also, even if the remote server does demand a password, it is possible for the password to be supplied from the server environment, such as a ~/.pgpass file belonging to the server's user. This opens not only a risk of impersonation, but the possibility of exposing a password to an untrustworthy remote server. Therefore, dblink_connect_u() is initially installed with all privileges revoked from PUBLIC, making it un-callable except by superusers. In some situations it may be appropriate to grant EXECUTE permission for dblink_connect_u() to specific users who are considered trustworthy, but this should be done with care. It is also recommended that any ~/.pgpass file belonging to the server's user not contain any records specifying a wildcard host name.

For further details see dblink_connect().

PostgreSQL 9.2.7 2014-02-17 DBLINK_CONNECT_U(3)
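The recommendation about wildcard host names in ~/.pgpass can be checked mechanically. The following is an added example, not part of the PostgreSQL documentation or of the original page: a Python audit that parses pgpass records (hostname:port:database:username:password, with backslash escapes) and flags wildcard-host entries. The sample file contents are constructed and the function names are hypothetical.

```python
import re

# Constructed sample .pgpass content; no value here comes from a real system.
SAMPLE_PGPASS = "\n".join([
    "# hostname:port:database:username:password",
    r"db1.internal.example:5432:appdb:report:s3cret",
    r"*:5432:*:postgres:hunter2",
    r"2001\:db8\:\:10:5432:appdb:app:pa\:ss",
    r"localhost:*:*:postgres:localonly",
    r"malformed-line-without-fields",
])

def split_record(line):
    """Split on the first four unescaped ':' (backslash escapes ':' and '\\').
    Fields are returned raw so an escaped '\\*' is not mistaken for a wildcard."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]          # keep the escape pair together
            i += 2
        elif line[i] == ":" and len(fields) < 4:
            fields.append(cur)            # field boundary; the rest is password
            cur = ""
            i += 1
        else:
            cur += line[i]
            i += 1
    return fields + [cur]

def unescape(field):
    """Remove backslash escapes from one raw field."""
    return re.sub(r"\\(.)", r"\1", field)

def audit_pgpass(text):
    """Return (line number, finding, user) tuples; passwords are never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = split_record(line)
        if len(fields) != 5:
            findings.append((lineno, "malformed", None))
        elif fields[0] == "*":            # wildcard host: matches any server
            findings.append((lineno, "wildcard-host", unescape(fields[3])))
    return findings

if __name__ == "__main__":
    for finding in audit_pgpass(SAMPLE_PGPASS):
        print(finding)
```

Run it against the pgpass file of the operating-system account that runs the PostgreSQL server, since that is the file the description refers to.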