[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
From: Alexander Sotirov <asotirov@xxxxxxxxxxxxx>
Date: Tue, 22 Aug 2006 11:12:40 -0700

Regardless of the feasibility of exploitation in Toast 7, it's still a bug.
There are no guarantees that the vulnerable code will not be exposed to users
with less privileges in a future version of the product. Making system() calls
without a full path from a suid root binary is just asking for trouble. You
should fix it.

Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
  - From: Propaganda Support
- Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
  - From: Propaganda Support

Prev by Date: [Full-disclosure] Oracle Database IDS Evasion Techniques for SQL*Net
Next by Date: [Full-disclosure] EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable
Previous by thread: Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
Next by thread: Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
Index(es):
- Date
- Thread