On Thu, 13 Jul 2006, David Taylor wrote:
Curious why Secunia is rating this as 'less critical'. The way I see it, this exploit could be integrated into the other exploits for mambo, joomla, phpbb, etc. Also, all of us that have websites hosted on linux machines that have a vulnerable kernel could get root? I'm thinking 'highly critical'?
Think of their scoring as a minimum rating. Depending on the particular impact to your system, you may need to adjust appropriately.
I would consider this highly critical on any system that would provide shell access to customers, non-privledged employees, etc. If a system has shell access restricted to just admins, I'm would care less about this vulnerability. On systems like this I generally assume that if someone gets shell to the system as a non-prileged user they will eventually get root anyways.
-- Greg _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/