« IntelDatasetRejected:apache2 » : différence entre les versions
Aller à la navigation
Aller à la recherche
m Révocation d’une modification réalisée par HackBBS (discussion) et restauration de la dernière version réalisée par Korigan Balise : Révocation |
Aucun résumé des modifications |
||
| (3 versions intermédiaires par le même utilisateur non affichées) | |||
| Ligne 4 : | Ligne 4 : | ||
"author": "korigan",<br /> | "author": "korigan",<br /> | ||
"comment": "This is part of the try_chown function.\nThis function is called by socache_dbm_init when the superuser run the program only.\nThe files impacted are {db, dir, pag} files. Those suffixes are hardcoded and cannot be manipulated.\nThose files contains non executable data only.\nAn attacker would need to already have root privs or already have the low privileges required to access the targeted data files.\nThis entry cannot lead to an RCE."<br /> | "comment": "This is part of the try_chown function.\nThis function is called by socache_dbm_init when the superuser run the program only.\nThe files impacted are {db, dir, pag} files. Those suffixes are hardcoded and cannot be manipulated.\nThose files contains non executable data only.\nAn attacker would need to already have root privs or already have the low privileges required to access the targeted data files.\nThis entry cannot lead to an RCE."<br /> | ||
},<br /> | |||
{<br /> | |||
"description": "./srclib/apr/file_io/unix/filestat.c:179: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",<br /> | |||
"author": "korigan",<br /> | |||
"comment": "File not found"<br /> | |||
},<br /> | |||
{<br /> | |||
"description": "./srclib/apr/threadproc/win32/proc.c:297: [5] (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).",<br /> | |||
"author": "korigan",<br /> | |||
"comment": "File not found"<br /> | |||
},<br /> | |||
{<br /> | |||
"description": "./srclib/apr/file_io/netware/filestat.c:136: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",<br /> | |||
"author": "korigan",<br /> | |||
"comment": "File not found"<br /> | |||
},<br /> | |||
{<br /> | |||
"description": "./srclib/apr/build/aplibtool.c:172: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).",<br /> | |||
"author": "korigan",<br /> | |||
"comment": "File not found"<br /> | |||
}<br /> | }<br /> | ||
] | ] | ||
Dernière version du 10 septembre 2024 à 19:24
[
{
"description": "./modules/cache/mod_socache_dbm.c:106: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.",
"author": "korigan",
"comment": "This is part of the try_chown function.\nThis function is called by socache_dbm_init when the superuser run the program only.\nThe files impacted are {db, dir, pag} files. Those suffixes are hardcoded and cannot be manipulated.\nThose files contains non executable data only.\nAn attacker would need to already have root privs or already have the low privileges required to access the targeted data files.\nThis entry cannot lead to an RCE."
},
{
"description": "./srclib/apr/file_io/unix/filestat.c:179: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",
"author": "korigan",
"comment": "File not found"
},
{
"description": "./srclib/apr/threadproc/win32/proc.c:297: [5] (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).",
"author": "korigan",
"comment": "File not found"
},
{
"description": "./srclib/apr/file_io/netware/filestat.c:136: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",
"author": "korigan",
"comment": "File not found"
},
{
"description": "./srclib/apr/build/aplibtool.c:172: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).",
"author": "korigan",
"comment": "File not found"
}
]