Re: remote exploit?
From: Mark . Burgess
Subject: Re: remote exploit?
Date: Tue, 10 Aug 2004 18:47:36 +0200 (MEST)

The security exploit is real, but read it carefully. It need not be that
dangerous. It is fully fixed in version 2.1.8 -> and you have to get
through access controls before you can try it. So it is mainly a friendly
fire attack.
Mark
On 10 Aug, Phil D'Amore wrote:
> Anyone mind sharing the clarification with the rest of us?
>
> Ed Brown wrote:
>
>>Thanks for the clarification (offlist). No, didn't know what blastwave
>>was till now. And I'm not at all funny...
>>
>>-Ed
>>
>>
>>On Tue, 2004-08-10 at 10:02, Thomas Glanzmann wrote:
>>
>>
>>>Hi Ed,
>>>
>>>* Ed Brown <ebrown@lanl.gov> [040810 17:43]:
>>>
>>>
>>>>I don't remember reading here about a remote/local root vulnerability in
>>>>2.0.0 through 2.1.7, that was fixed in the 2.1.8 release. A full
>>>>description, with proof of concept exploit code, at:
>>>>http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
>>>>
>>>>
>>>are you the funny guy, who filed a bug report against my blastwave
>>>package?
>>>
>>> Thomas
>>>
>>>
>>>_______________________________________________
>>>Help-cfengine mailing list
>>>Help-cfengine@gnu.org
>>>http://lists.gnu.org/mailman/listinfo/help-cfengine
>>>
>>>
>>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~