Full Disclosure mailing list archives
NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
From: Propaganda Support <support () propagandaprod com>
Date: Wed, 23 Aug 2006 11:04:21 +0200
Alex wrote:
Making system() calls without a full path from a suid root binary is just asking for trouble.
Agreed. No argument.
You should fix it.
I neglected to mention that I have. It will be released shortly. Kind Regards, -jeff -- Jeff Holland http://propagandaprod.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 23)
- Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] K F (Aug 23)
- <Possible follow-ups>
- NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 23)