Full Disclosure mailing list archives

Re: Debian Development Machine "Gluck" Hacked - UPDATE


From: gboyce <gboyce () badbelly com>
Date: Thu, 13 Jul 2006 18:59:06 -0400 (EDT)

On Thu, 13 Jul 2006, David Taylor wrote:

> Curious why Secunia is rating this as 'less critical'.  The way I see it,
> this exploit could be integrated into the other exploits for mambo, joomla,
> phpbb, etc.  Also, all of us that have websites hosted on linux machines
> that have a vulnerable kernel could get root?
>
> I'm thinking 'highly critical'?

Think of their scoring as a minimum rating. Depending on the particular impact to your system, you may need to adjust appropriately.

I would consider this highly critical on any system that would provide shell access to customers, non-privileged employees, etc. If a system has shell access restricted to just admins, I would care less about this vulnerability. On systems like this I generally assume that if someone gets shell to the system as a non-privileged user they will eventually get root anyways.

--
Greg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

