Wednesday, October 06
Ruh Roh
This was found by the cPanel team, and though my cPanel server is running the affected release of Apache, the exploit doesn't seem to work there. Either the httpd config is secured (it only works if you are lacking other protections) or they pushed out their own patch before the vulnerability was announced and fixed upstream.
So I think I can stop panicking and go to bed. Thankfully that's the only Apache instance I have anywhere... Wait, there is another one, but it's not affected.
Also, /etc/passwd hasn't included passwords - even hashed ones - since the days of the Byzantine Empire, and /etc/shadow is not world-readable.
This was found by the cPanel team, and though my cPanel server is running the affected release of Apache, the exploit doesn't seem to work there. Either the httpd config is secured (it only works if you are lacking other protections) or they pushed out their own patch before the vulnerability was announced and fixed upstream.
So I think I can stop panicking and go to bed. Thankfully that's the only Apache instance I have anywhere... Wait, there is another one, but it's not affected.
Also, /etc/passwd hasn't included passwords - even hashed ones - since the days of the Byzantine Empire, and /etc/shadow is not world-readable.
Posted by: Pixy Misa at
01:30 AM
| No Comments
| Add Comment
| Trackbacks (Suck)
Post contains 124 words, total size 1 kb.
47kb generated in CPU 0.0151, elapsed 0.0987 seconds.
56 queries taking 0.088 seconds, 338 records returned.
Powered by Minx 1.1.6c-pink.
56 queries taking 0.088 seconds, 338 records returned.
Powered by Minx 1.1.6c-pink.