Full Disclosure mailing list archives

NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]

From: Propaganda Support <support () propagandaprod com>
Date: Wed, 23 Aug 2006 11:04:21 +0200

Alex wrote:

Making system() calls without a full path from a suid root binaryis just asking for trouble.


Agreed. No argument.

You should fix it.


I neglected to mention that I have. It will be released shortly.

Kind Regards,
-jeff

--
Jeff Holland
http://propagandaprod.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 23)
- Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] K F (Aug 23)
- <Possible follow-ups>
- NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 23)