OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Thomas Biege (thomassuse.de)
Date: Thu May 02 2002 - 08:57:33 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Tue, 30 Apr 2002, Ernesto Fries wrote:

    > Hi folks,

    Hi. :)

    > there will be an update from Suse for mod_frontpage ?

    No, this bug hasn't a high severity.

    It could just be exploited locally and the attacker has to become wwwrun
    first. Even if the attacker get's access to the victims machine and
    manages to become wwwrun s/he will just get access to UID >= 100.
    This bug is fixed in SuSE 8.0.

    Bye,
         Thomas 

    -- 
  Thomas Biege <thomassuse.de>
  SuSE Linux AG,Deutschherrnstr. 15-19,90429 Nuernberg
  Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/contact/thomas.asc | pgp -fka"
  Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 83
-- 
	Trete durch die Form ein, und trete aus der Form heraus.

    -- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here