Practical examples of CVE-2014-2324 and 2323

Asked by Andrew on 2014-09-28

Could somebody please provide some examples of how CVE-2014-2324 and CVE-2014-2323 could be exploited in practice?

Like could I use the URL like
(I take it this will only work with permissions for www-data)

Also how about SQL injection' SHOW DATABASES; path = /

I need to check a site that was running an outdated version of Lighttpd.

Thomas Krüger (thkrueger) said : #1

No, we don't provide practical examples of how to exploit systems!

Andrew (am-public-o) said : #2

Ha, when you put it that way, I see why. I'm trying to work out if my system is vulnerable. It's just that exploits become complicated, so it makes it hard to work out where a potential attack vector comes from.

I can see in the error logs there have been a number of hits of various directories and also /etc/passwd.

Maybe somebody could then state simply: do the files need to be explicitly owned by www-data in order to be accessed, or could an xx5 permission be enough?
