On Tue, Nov 28, 2006 at 04:02:36PM +0000, Tavis Ormandy wrote:
> On Tue, Nov 28, 2006 at 10:56:33AM -0500, J. Oquendo wrote:
> > Incorrect did you look at the fix? It isn't unsanitized as you state:
>
> J, you have made an attempt to fix it, but it is not sufficient.
>
> An attacker can still add arbitrary hosts to the deny list.

I notice you also haven't solved the local privilege escalation, this can be abused by local users to gain root by attempting to log in with the username set to a valid passwd entry and then winning the race condition by creating a symlink to the system passwd file (of course, there are dozens of other attacks).

Thanks, Tavis.

--
-------------------------------------
taviso@xxxxxxxxxxxxxxxx | finger me for my pgp key.
-------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/