tomcat-users mailing list archives

From "David N. Smith" <david.sm...@cornell.edu>
Subject Re: Attacks in Apache servers
Date Thu, 02 May 2013 17:38:15 GMT
> 
> Didn't you know that 'rm' was vulnerable on Linux?!?!
> 
> An attacker with escalated privileges can -- through clever use of
> this misunderstood command with code so complicated, that this
> enormous vulnerability went unnoticed for decades -- wreak havoc on
> any Linux system connected to the interwebs. The only plausible
> mitigation of this egregious vulnerability is to uninstall the 'rm'
> package or switch to a more secure OS.
> 

I think the vulnerability is limited to versions that support the options -r and -f.  ;-)

-- David
