Full Disclosure mailing list archives
Re: Frontpage Extensions Remote Command Execution
From: "Ricky Blaikie" <ricky.blaikie () servercity co uk>
Date: Wed, 12 Nov 2003 23:54:42 -0000
Thus spake mattmurphy () kc rr com (mattmurphy () kc rr com) [12/11/03 14:41]:bulletin. A decent admin would configure FPSE such that this flaw is a non-issue. This is because no ordinary user has a reason to be
accessing
FPSE's files. If FPSE is secured, this means that an attacker is
getting
their own privileges back.
Why should a decent sys-admin have to perform this additional configuration? If the list of vuln's that an admin has to deal with keeps growing, when will sysad workload reach saturation point ? Cheers, -- Ricky Blaikie - Server City Ltd http://www.servercity.co.uk - sales () servercity co uk T:0871-2601000 F:0871-2601001 Visit our website for latest pricing and offers or e-mail me. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Frontpage Extensions Remote Command Execution Brett Moore (Nov 12)
- RE: Frontpage Extensions Remote Command Execution Geo. (Nov 12)
- <Possible follow-ups>
- RE: Frontpage Extensions Remote Command Execution mattmurphy () kc rr com (Nov 12)
- RE: Frontpage Extensions Remote Command Execution Geo. (Nov 12)
- Re: Frontpage Extensions Remote Command Execution Damian Gerow (Nov 12)
- Re: Frontpage Extensions Remote Command Execution Paul Schmehl (Nov 12)
- Re: Frontpage Extensions Remote Command Execution Damian Gerow (Nov 12)
- Re: Frontpage Extensions Remote Command Execution Ricky Blaikie (Nov 12)
- RE: Frontpage Extensions Remote Command Execution mattmurphy () kc rr com (Nov 12)
- Re: Frontpage Extensions Remote Command Execution Geoincidents (Nov 12)
- RE: Frontpage Extensions Remote Command Execution Nick Jacobsen (Nov 12)
- Re[2]: Frontpage Extensions Remote Command Execution Adik (Nov 13)
- RE: Frontpage Extensions Remote Command Execution Marc Maiffret (Nov 13)