Bugtraq mailing list archives
Re: Very probable remote root vulnerability in cfengine
From: Sergey Kogan <kogan () omskelecom ru>
Date: Tue, 3 Oct 2000 12:45:43 +0700
Having said that, this particular advisory is an example of something I find extremely frustrating. This bug in particular is almost certainly remotely exploitable, I'd agree with this, however, I don't think that makes life very fair for the average systems administrator. If she reads the advisory, she is told it should be vulnerable not that it is. This could lead her to having to upgrade a service, possibly on a critical machine for no reason if the problem is found to be non-exploitable.
I disagree! This 'should be vulnerable' advisory is VERY useful. In such cases the system administrator should do the following:

a) Check if the service on his/her server is potentially vulnerable according to the advisory, and ...
b) Shut down or restrict access to the vulnerable service until ...
c) Research the source code to understand if the bug is exploitable or not. Or ...
c') Wait until somebody else does the research and posts the results.

It is much better to upgrade a non-exploitable service on a critical machine than to restore a critical machine from scratch after hackers visit. I vote for posting advisories like this one.

---
Sincerely yours,
Sergey Kogan, kogan () omskelecom ru