This is not simply wrong, this is medically wrong.

On 04/29/2011 12:43 AM, Mario Vilas wrote:
> Precisely. The poc triggers the bug by passing a very long command line
> argument, so it's assumed the attacker already has executed code. The only
> way this is exploitable is if the binary has suid (then the attacker can
> elevate privileges) or the command can be executed remotely (and the
> attacker additionally cannot execute any other commands, but can mysteriously
> control the arguments). Unless either scenario is researched (and nothing in
> the advisory tells me so) I call bullshit.
>
> On Thu, Apr 28, 2011 at 6:09 PM, <[email protected]> wrote:
>
>> On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
>>
>>> Is the suid bit set on that binary? Otherwise, unless I'm missing something
>>> it doesn't seem to be exploitable by an attacker...
>>
>> Who cares? You got code executed on the remote box, that's the *hard* part.
>> Use that to inject a callback shell or something, use *that* to get yourself
>> a shell prompt. At that point, download something else that exploits you to
>> root - if you even *need* to, as quite often the Good Stuff is readable by
>> non-root users.
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
