help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remote exploit?

From: Mark . Burgess
Subject: Re: remote exploit?
Date: Tue, 10 Aug 2004 18:47:36 +0200 (MEST) 
The security exploit is real,  but read it carefully. It need not be that
dangerous. It is fully fixed in version 2.1.8 -> and you have to get
through access controls before you can try it. So it is mainly a friendly
fire attack.

Mark


On 10 Aug, Phil D'Amore wrote:
> Anyone mind sharing the clarification with the rest of us?
> 
> Ed Brown wrote:
> 
>>Thanks for the clarification (offlist).  No, didn't know what blastwave
>>was till now.  And I'm not at all funny...
>>
>>-Ed
>>
>>
>>On Tue, 2004-08-10 at 10:02, Thomas Glanzmann wrote:
>>  
>>
>>>Hi Ed,
>>>
>>>* Ed Brown <ebrown@lanl.gov> [040810 17:43]:
>>>    
>>>
>>>>I don't remember reading here about a remote/local root vulnerability in
>>>>2.0.0 through 2.1.7, that was fixed in the 2.1.8 release.  A full
>>>>description, with proof of concept exploit code, at:
>>>>http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccion=10
>>>>      
>>>>
>>>are you the funny guy, who filed a bugreport against my blastwave
>>>package?
>>>
>>>     Thomas
>>>
>>>
>>>_______________________________________________
>>>Help-cfengine mailing list
>>>Help-cfengine@gnu.org
>>>http://lists.gnu.org/mailman/listinfo/help-cfengine
>>>    
>>>
>>
>>
>>
>>_______________________________________________
>>Help-cfengine mailing list
>>Help-cfengine@gnu.org
>>http://lists.gnu.org/mailman/listinfo/help-cfengine
>>  
>>
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]