[BlueOnyx:22798] Apache Security Issues - attacker may gain root privileges
Gerrit Haas
Gerrit.Haas at blackpoint.de
Wed Apr 3 04:46:08 -05 2019
Hi Michael,
are you aware of the security issue in apache webserver:
https://www.golem.de/news/sicherheitsluecke-nutzer-des-apache-webservers-koe
nnen-root-rechte-erlangen-1904-140395.html
(German)
https://httpd.apache.org/security/vulnerabilities_24.html
(English)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker
or prefork, code executing in less-privileged child processes or threads
(including scripts executed by an in-process scripting interpreter) could
execute arbitrary code with the privileges of the parent process (usually
root) by manipulating the scoreboard. Non-Unix systems are not affected.
Mit freundlichen Grüßen aus Bad Vilbel
Gerrit Haas
-----------------------------------------------
blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel
Systemadministrator
Tel.: +49 6101 65788 32
IT-Support: +49 6101 65788 - 30
Fax: +49 6101 65788 99
eMail: Gerrit.Haas at blackpoint.de
Tel. Rufbereitschaft (Außerhalb der Arbeitszeiten) +49 6101 65788-40
Vertretungsberechtigt Dirk Estenfeld und Mario Di Rienzo HRB 50093 Frankfurt
am Main USt.-IdNr. de210106871
Besuchen Sie uns im Internet unter http://www.blackpoint.de
Problemlos Domains registrieren: http://www.edns.de
Einfach und günstig Daten sichern:
https://www.blackpoint.de/produkte/hosting/weitere-cloud-dienste/veeam-cloud
-connect/
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies of the original message.
-----------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5524 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20190403/43c78c38/attachment.p7s>
More information about the Blueonyx
mailing list