VULHUB ™

cluecentral Apache suexec patch is reported prone to a local security weakness. It is reported that the patch that is applied to Apache suexec makes suexec insecure. The patch reportedly removes security checks on insecure directory permissions and permits the execution of files owned by arbitrary users, by the 'nobody' user. A local attacker who has permissions to create, publish and request PHP web content on the affected system may exploit this weakness in conjunction with other security vulnerabilities to achieve some degree of privilege escalation.

cluecentral Apache suexec patch is reported prone to a local security weakness. It is reported that the patch that is applied to Apache suexec makes suexec insecure. The patch reportedly removes security checks on insecure directory permissions and permits the execution of files owned by arbitrary users, by the 'nobody' user. A local attacker who has permissions to create, publish and request PHP web content on the affected system may exploit this weakness in conjunction with other security vulnerabilities to achieve some degree of privilege escalation.