Command execution through Dynamic DNS setup is quite clearly not expected functionality.
On Mon, Nov 26, 2012 at 11:28 AM, Gary Driggs <[email protected]> wrote: > On Nov 26, 2012, at 1:47 AM, "Julius Kivimäki" > <[email protected]> wrote: > > > Is a privilege escalation vulnerability in Linux not a vulnerability if > it requires authentication? > > It was not made clear that it was a privilege escalation... > "Authenticate and browse to /setup.cgi? ... All the fields you see are > vulnerables to command execution as root." So what kind of credentials > are used for the initial authentication? Unprivileged? Then it should > be mentioned as such. Otherwise, I can point out a few dozen embedded > systems with web UIs that allow me to make configuration changes after > authentication because that's why they're there. Now if you can point > out a way to bypass authentication or escalate privileges from an > account that doesn't normally have write access, you've got a > vulnerability. I was merely asking how this differed from any other > auth wall. > > -Gary > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
