Steffen Dettmer wrote:
* Thomas Biege wrote on Thu, May 02, 2002 at 15:57 +0200:
there will be an update from Suse for mod_frontpage ?
No, this bug hasn't a high severity.
It could just be exploited locally and the attacker has to become wwwrun first. Even if the attacker get's access to the victims machine and manages to become wwwrun s/he will just get access to UID >= 100.
But that means that exploiting a cgi-bin script in a typical configuration gives the intruder access to any regular user (who have typical UID >= 100). Then the intruder can change their path to contain /tmp/trojaned_ssh/ and put a ssh binary here to get access to the keys or whatever!
For me it sounds like high severity.
Steffen is absolutely right when pointing out the CGI-BIN scripts. For me it sounds like high severity too. Ciao, Michael.