Subject: Re: Attacks in Apache servers
From: M Eashwar
To: Tomcat Users List
Date: Tue, 7 May 2013 15:13:34 +0530

Hi All,

Thanks for your views. It seems to be very difficult to come to a conclusion :-)

Regards
Eashwar

On Thu, May 2, 2013 at 11:08 PM, David N. Smith wrote:

> > Didn't you know that 'rm' was vulnerable on Linux?!?!
> >
> > An attacker with escalated privileges can -- through clever use of
> > this misunderstood command with code so complicated, that this
> > enormous vulnerability went unnoticed for decades -- wreak havoc on
> > any Linux system connected to the interwebs. The only plausible
> > mitigation of this egregious vulnerability is to uninstall the 'rm'
> > package or switch to a more secure OS.
> >
>
> I think the vulnerability is limited to versions that support the options
> -r and -f. ;-)
>
> -- David