Y
Hacker News
new
|
ask
|
show
|
jobs
by
Osiris
1763 days ago
Not to completely minimize it, but that says local attacker, not remote attacker. So someone would still have to gain access to the system in question in the first place.
1 comments
phone8675309
1763 days ago
Just because a server is headless does not mean that it isn't interactive in some way or running some user-submitted scripts or code.
Also, compromising a service running as a user (not root) would be sufficient to then escalate.
link
Also, compromising a service running as a user (not root) would be sufficient to then escalate.