Today we were very surprised by vulnerability CVE-2013-1048 in Apache web-server. This issue was described in Debian Security Advisory DSA-2637-1 by following notes:
Lets try to analyse patch for this bug:
As you can see, install command was replaced to mkdir_chown function which contains many security checks.
Lets try to understand what happens where "install -d -o www-data /var/lock/apache" called.
This command creates directory /var/lock/apache and that set chown www-data to this directory.
But if this directory was already created as a symlink to another directory (/var/lock have a+w privileges), install command change privileges to this directory. Simplest exploitation way is create directory /var/lock/apache as a symlink to /etc/ directory and than delete /etc/shadow file and recreate it with yourself content under www-data user privileges.
Hayawardh Vijayakumar noticed that the apache2ctl script created the lock directory in an unsafe manner, allowing a local attacker to gain elevated privileges via a symlink attack. This is a Debian specific issue.First looks at last line of quote - only Debian systems were affected.
Lets try to analyse patch for this bug:
As you can see, install command was replaced to mkdir_chown function which contains many security checks.
Lets try to understand what happens where "install -d -o www-data /var/lock/apache" called.
This command creates directory /var/lock/apache and that set chown www-data to this directory.
But if this directory was already created as a symlink to another directory (/var/lock have a+w privileges), install command change privileges to this directory. Simplest exploitation way is create directory /var/lock/apache as a symlink to /etc/ directory and than delete /etc/shadow file and recreate it with yourself content under www-data user privileges.
The standard span of these credits is only fourteen days and such advances are taken to meet costs till the following payday.
ОтветитьУдалитьCheck Cashing San-diego
In the greater part of the cases, the payback plan is settled by the following due payday of the candidate.Cash Advance Chicago
ОтветитьУдалитьTo the extent the reimbursement is concerned, the borrower require just present a post dated check to the moneylender at the season of credit endorsement.
ОтветитьУдалитьCheck Cashing
When it comes time to pay your duties, you require that cash now, since Uncle Sam isn't the sort to take pardons.
ОтветитьУдалитьAuto Title Loans Chicago
Ensure that you settle your advance manage a dependable loan specialist.
ОтветитьУдалитьCheck Cashing
Thanks for sharing, nice post! Post really provice useful information!
ОтветитьУдалитьGiaonhan247 chuyên dịch vụ dich vu ship hang my cũng như giải đáp mua đồng hồ trên ebay có đảm bảo không hay có nên mua đồng hồ trên ebay không và là công ty vận chuyển hàng đi lào uy tín nhất.
Garmin GPS Free Update, you can make one for nothing. Take me to flyGarmin. Open air. Add the most recent guides to your Garmin open air GPS gadget. Include Outdoor Maps.
ОтветитьУдалитьThere is noticeably a bundle to know about this. I assume you made certain nice points in features also.
ОтветитьУдалитьInformation
Click Here
Visit Web
Godryshop.it
Information
Your content is very informative. I like the way you break down complex topics into easy-to-understand language. It's great to see more blogs like this one, and I'll be sure to check out your other posts as well.
ОтветитьУдалитьNigeria Embassy Attestation Services is a reliable online Nigerian embassy service that provides the official certification to foreign nationals who need to visit and establish their identity in Nigeria.203 charactersNigeria Embassy Attestation
Qantas Airlines
ОтветитьУдалить