[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday

To: oss-security@xxxxxxxxxxxxxxxxxx
Subject: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
From: Yves-Alexis Perez <corsac@xxxxxxxxxx>
Date: Sun, 02 Dec 2012 21:24:44 +0100

On dim., 2012-12-02 at 21:17 +0100, king cope wrote:
> My opinion is that the FILE to admin privilege elevation should be patched.
> What is the reason to have FILE and ADMIN privileges seperated when
> with this exploit
> FILE privileges equate to ALL ADMIN privileges. 

Maybe because you might not want admins to have read/write access to the
filesystem anyway?

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  - From: king cope

References:
- MySQL (Linux) Stack based buffer overrun PoC Zeroday
  - From: king cope
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  - From: Kurt Seifried
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  - From: Huzaifa Sidhpurwala
- Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
  - From: Sergei Golubchik

Prev by Date: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Next by Date: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Previous by thread: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Next by thread: Re: [oss-security] Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
Index(es):
- Date
- Thread