Full Disclosure mailing list archives
Re: Frontpage Extensions Remote Command Execution
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Nov 2003 16:03:08 -0600
--On Wednesday, November 12, 2003 02:53:02 PM -0500 Damian Gerow <damian () sentex net> wrote:
> Thus spake mattmurphy () kc rr com (mattmurphy () kc rr com) [12/11/03 14:41]:
>> bulletin. A decent admin would configure FPSE such that this flaw is a non-issue. This is because no ordinary user has a reason to be accessing FPSE's files. If FPSE is secured, this means that an attacker is getting their own privileges back.
>
> A decent OS shouldn't need the admin to go in and modify permissions on specific files in order to ensure a basic security requirement. While an ordinary user may have no reason to access those files, an ordinary admin should similarly have no reason for modifying the permissions on those files.

You're serious? I mean *really* serious? Or is this a test? How do you explain this, for example?

http://httpd.apache.org/docs/misc/security_tips.html

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html