This bug has so far resulted in at least 4 exploited servers, though luckily so far apparently only by idiot script kiddies unable to get past the shell at www-data.
We have been using the mitigation of changing the permissions in the relevant place, but it would be nice not to have to do so.
This bug has so far resulted in at least 4 exploited servers, though luckily so far apparently only by idiot script kiddies unable to get past the shell at www-data.
We have been using the mitigation of changing the permissions in the relevant place, but it would be nice not to have to do so.