tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David N. Smith" <>
Subject Re: Attacks in Apache servers
Date Thu, 02 May 2013 17:38:15 GMT
> Didn't you know that 'rm' was vulnerable on Linux?!?!
> An attacker with escalated privileges can -- through clever use of
> this misunderstood command with code so complicated, that this
> enormous vulnerability went unnoticed for decades -- wreak havoc on
> any Linux system connected to the iterwebs. The only plausible
> mitigation of this egregious vulnerability is to uninstall the 'rm'
> package or switch to a more secure OS.

I think the vulnerability is limited to versions that support the options -r and -f.  ;-)

-- David

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message