Full Disclosure mailing list archives
Linux Privilege Escalation exploits
From: David Taylor <ltr () isc upenn edu>
Date: Fri, 14 Jul 2006 22:35:27 -0400
I know various security research sites that release advisories on new vulnerabilities have their own way they determine what is critical or not. Privilege escalation exploits are usually local and require a local account to exploit. So, it seems that security research sites label these as 'less critical'. But at the same time they will label a Mambo exploit that lets you have access to a system as 'highly critical'.

If I can launch a Mambo exploit against a system that has a vulnerable version of OS susceptible to the priv esc isn't that now extremely critical? With all of the exploits out that the defacer kiddies use could a local priv esc exploit be integrated into these? If so then shouldn't these vulnerabilities be rated higher than 'less critical'?

I'm just thinking that people aren't looking at the big picture when they rate these vulnerabilities.

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================

Penn Information Security RSS feed
http://www.upenn.edu/computing/security/rss/rssfeed.xml
Add link to your favorite RSS reader

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Linux Privilege Escalation exploits David Taylor (Jul 14)
- Re: Linux Privilege Escalation exploits Valdis . Kletnieks (Jul 14)
- Re: Linux Privilege Escalation exploits Knud Erik Højgaard (Jul 15)
- Re: Linux Privilege Escalation exploits Tim (Jul 15)
- Re: Linux Privilege Escalation exploits Christian Swartzbaugh (Jul 18)
- Re: Linux Privilege Escalation exploits Tim (Jul 15)