[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Webmin miniserv.pl format string vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Webmin miniserv.pl format string vulnerability
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Thu, 1 Dec 2005 22:10:00 -0600

As many folks have pointed out and consistent with the recent Dyad 
advisory, these bugs are indeed exploitable. I only mention this because 
a reporter quoted someone who quoted my original message and then used it 
to downplay the severity of the problem. 

$ perl -e 'printf("%2918905856\$vs")'

-HD

On Tuesday 29 November 2005 11:15, H D Moore wrote:
> On Tuesday 29 November 2005 04:07, advisory@xxxxxxxxxxxxxxxx wrote:
> > [snip ] so so if remote code execution is successful, it would
> > lead to a full remote root compromise in a standard configuration.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Software Firewalls for Windows
Next by Date: RE: [Full-disclosure] Re: SOX whistleblowers' clause Compliance
Previous by thread: [Full-disclosure] [xfocus-SD-051202]openMotif libUil Multiple vulnerability
Next by thread: [Full-disclosure] WinEggDropShell Multiple Remote Stack Overflow
Index(es):
- Date
- Thread