[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution

To: <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
From: "Ricky Blaikie" <ricky.blaikie@servercity.co.uk>
Date: Wed, 12 Nov 2003 23:54:42 -0000

> > Thus spake mattmurphy@kc.rr.com (mattmurphy@kc.rr.com) [12/11/03 14:41]:
> >> bulletin.  A decent admin would configure FPSE such that this flaw is a
> >> non-issue.  This is because no ordinary user has a reason to be
accessing
> >> FPSE's files.  If FPSE is secured, this means that an attacker is
getting
> >> their own privileges back.

Why should a decent sys-admin have to perform this additional configuration?
If the list of vuln's that an admin has to deal with keeps growing, when
will sysad workload reach saturation point ?

Cheers,
--
Ricky Blaikie - Server City Ltd
http://www.servercity.co.uk - sales@servercity.co.uk
T:0871-2601000  F:0871-2601001
Visit our website for latest pricing and offers or e-mail me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
  - From: "mattmurphy@kc.rr.com" <mattmurphy@kc.rr.com>
- Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
  - From: Damian Gerow <damian@sentex.net>
- Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
  - From: Paul Schmehl <pauls@utdallas.edu>

Prev by Date: Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
Next by Date: [Full-Disclosure] Re: a PGP signed mail? Has to be spam!
Previous by thread: Re: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Next by thread: RE: [Full-Disclosure] Frontpage Extensions Remote Command Execution
Index(es):
- Date
- Thread