Vulnerability Development mailing list archives
Re: Vulnerability Disclosure
From: Lincoln Yeoh <lyeoh () pop jaring my>
Date: Sun, 17 Jun 2007 03:36:14 +0800
At 01:10 AM 6/9/2007, Valdis.Kletnieks () vt edu wrote:
The *real* attack vector here is "Can you, as an outsider, get the sysadmin to run an installer script that *looks* OK at first glance, but ends up doing something untoward by abusing the setup.exe that the sysadmin sees in the script but doesn't actually look closely at"?
Sure. Install notes:
    perl Makefile.PL
    make
    make test
    make install

If you look at the Windows malware - a lot of attackers don't even care about getting "admin", just normal user privileges are good enough to do what they want (zombies to send spam, DoS, etc).
cron jobs + LWP + Google + eval = fun, right? Could always look in ~/Maildir etc for "Spam" to eval too.

Have a nice day ;).
Link.