Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
From: Alexander Sotirov (asotirovdetermina.com)
Date: Tue Aug 22 2006 - 13:12:40 CDT
Regardless of the feasibility of exploitation in Toast 7, it's still a bug.
There are no guarantees that the vulnerable code will not be exposed to users
with less privileges in a future version of the product. Making system() calls
without a full path from a suid root binary is just asking for trouble. You
should fix it.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/