tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From M Eashwar <tomcatg...@gmail.com>
Subject Re: Attacks in Apache servers
Date Tue, 07 May 2013 09:43:34 GMT
Hi All,

    Thanks for your views.

    It seems to be like very difficult to come for a conclusion :-)

Regards
Eashwar


On Thu, May 2, 2013 at 11:08 PM, David N. Smith <david.smith@cornell.edu>wrote:

> >
> > Didn't you know that 'rm' was vulnerable on Linux?!?!
> >
> > An attacker with escalated privileges can -- through clever use of
> > this misunderstood command with code so complicated, that this
> > enormous vulnerability went unnoticed for decades -- wreak havoc on
> > any Linux system connected to the iterwebs. The only plausible
> > mitigation of this egregious vulnerability is to uninstall the 'rm'
> > package or switch to a more secure OS.
> >
>
> I think the vulnerability is limited to versions that support the options
> -r and -f.  ;-)
>
> -- David
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message