|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
From: Alexander Sotirov (asotirov
determina.com)
Date: Tue Aug 22 2006 - 13:12:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Regardless of the feasibility of exploitation in Toast 7, it's still a bug.
There are no guarantees that the vulnerable code will not be exposed to users
with less privileges in a future version of the product. Making system() calls
without a full path from a suid root binary is just asking for trouble. You
should fix it.
Alex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]