Full Disclosure mailing list archives
Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
From: Alexander Sotirov <asotirov () determina com>
Date: Tue, 22 Aug 2006 11:12:40 -0700
Regardless of the feasibility of exploitation in Toast 7, it's still a bug. There are no guarantees that the vulnerable code will not be exposed to users with less privileges in a future version of the product. Making system() calls without a full path from a suid root binary is just asking for trouble. You should fix it.

Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
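
The fix the message above asks for, as an added example that is not part of the original post and not code from Toast: a privileged program starts its helper with `execve()` on an absolute path and a fixed environment instead of calling `system()` with a bare command name. The names `run_helper` and `clean_env`, and the `PATH` value, are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; nothing is inherited from the caller.
 * (Assumed value for this example.) */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run `path` with `argv` and return its exit status, or -1 on error.
 * Unlike system("helper"), no shell parses a command line and no PATH
 * lookup happens: execve() takes the absolute path exactly as given.
 */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')   /* refuse names that need a PATH lookup */
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);    /* returns only on failure */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed input: the caller's PATH is set to a directory it controls. */
    char *const argv[] = { "sh", "-c", "echo child PATH=$PATH", NULL };

    setenv("PATH", "/tmp/untrusted", 1);
    printf("bare name rejected: %d\n", run_helper("sh", argv));
    printf("absolute path exit status: %d\n", run_helper("/bin/sh", argv));
    return 0;
}
```

The child reports `PATH=/usr/bin:/bin` even though the caller's `PATH` was changed, because the environment is rebuilt rather than inherited.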