Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS00-048)
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Tue, 11 Jul 2000 21:45:31 +0200
Richard Waymire wrote:
for 3) Yes, the vulnerability allowed this. A basic misunderstanding between what you're saying for #3 and what I'm saying is that I'm assuming you have patched your server and then carrying the discussion forward.
Gotcha, Jenik <jenik () CPOL COM> stated that the FAQ for MS00-048 should mention xp_cmdshell() for the above reasons, thereby implicitly assuming that the patch is not (yet) installed. That's where I was coming from. Your comments went fly in the face of what I understood the vulnerability to be, hence my questions.
Clearly you are at great risk without this patch being applied.
Yes. I guess Jenik just wanted to make sure that the Average User(tm) would understand the exact dangers involved. Well, no point in discussing this non-issue any further. Regards, Mikael Olsson -- Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- LPRng lpd should not be SETUID root, (continued)
- LPRng lpd should not be SETUID root Patrick Powell (Jul 09)
- NetBSD Security Advisory 2000-009 security-officer () NETBSD ORG (Jul 10)
- Re: LPRng lpd should not be SETUID root Cy Schubert - ITSD Open Systems Group (Jul 10)
- NetBSD Security Advisory 2000-010 security-officer () NETBSD ORG (Jul 10)
- Re: Microsoft Security Bulletin (MS00-048) Richard Waymire (Jul 10)
- Re: Microsoft Security Bulletin (MS00-048) Mikael Olsson (Jul 11)
- FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd [REVISED] FreeBSD Security Advisories (Jul 11)
- Re: Microsoft Security Bulletin (MS00-048) Richard Waymire (Jul 11)
- Remote Denial Of Service -- NetWare 5.0 with SP 5 Dimuthu Parussalla (Jul 10)
- Re: Remote Denial Of Service -- NetWare 5.0 with SP 5 Conrad Wood (Jul 13)
- Re: Microsoft Security Bulletin (MS00-048) Mikael Olsson (Jul 11)
- Remote Denial Of Service -- NetWare 5.0 with SP 5 Dimuthu Parussalla (Jul 10)
- LPRng lpd should not be SETUID root Patrick Powell (Jul 09)