Re: [Full-disclosure] Microsoft Patents the "sudo" command

2009-11-12 Thread McGhee, Eddie
Total propaganda, if you read it properly you will see.. MS will not ever own or patent the sudo command. They offer a list of accounts which will be needed when elevated privileges are required.. Sudo doesn't do anything like this at all.. Long live Unix commands, down with the cmd. -Ori

[Full-disclosure] rPSA-2009-0142-2 httpd mod_ssl

2009-11-12 Thread rPath Update Announcements
rPath Security Advisory: 2009-0142-2 Published: 2009-11-12 Updated: 2009-11-12 updated to reference CVE-2009-1891 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Major Exposure Level Classification: Local System User Deterministic Privilege Escalation Updat

[Full-disclosure] rPSA-2009-0145-1 samba samba-client samba-server samba-swat

2009-11-12 Thread rPath Update Announcements
rPath Security Advisory: 2009-0145-1 Published: 2009-11-12 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Severe Exposure Level Classification: Local User Deterministic Unauthorized Access Updated

[Full-disclosure] rPSA-2009-0144-1 apr-util

2009-11-12 Thread rPath Update Announcements
rPath Security Advisory: 2009-0144-1 Published: 2009-11-12 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Remote User Deterministic Denial of Service Updated Ve

[Full-disclosure] rPSA-2009-0143-1 util-linux util-linux-extras

2009-11-12 Thread rPath Update Announcements
rPath Security Advisory: 2009-0143-1 Published: 2009-11-12 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Informational Exposure Level Classification: Remote User Deterministic Weakness Updated Versions: util-linux=conary.rpath@rpl:2/2.13_pre7-14.2-1

[Full-disclosure] rPSA-2009-0142-1 httpd mod_ssl

2009-11-12 Thread rPath Update Announcements
rPath Security Advisory: 2009-0142-1 Published: 2009-11-12 Products: rPath Appliance Platform Linux Service 2 rPath Linux 2 Rating: Major Exposure Level Classification: Local System User Deterministic Privilege Escalation Updated Versions: httpd=conary.rpath@rpl:2/2.2.9-4.2-1

[Full-disclosure] JTTF/FBI informant "snitching" on security professionals in Bay Area

2009-11-12 Thread Jacob Appelbaum [ioerror]
Greetings Full Disclosure, For the past few weeks I've been facing a professional dilemma. Should I out someone who at one time fellated me? Should I trouble my colleagues with drama only 5% will care about. I'll take the gamble, as there are odds 100% may reap entertainment from such undertak

Re: [Full-disclosure] Microsoft Patents the "sudo" command

2009-11-12 Thread Todd C. Miller
In message <7897.1258048...@turing-police.cc.vt.edu> so spake (Valdis.Kletnieks): > Umm... my check of my 'sudo' manpage says that the '-u username' is > optional, and I don't remember having to use '-u root', so it's supported > doing it without having to type the target username for yea

[Full-disclosure] Cryptome posts Microsoft COFEE forensic toolkit

2009-11-12 Thread Gary McKinnon [SOLO]
Note: This is a toolkit by Microsoft meant to be used on a thumb drive. There are many open source tools already available, this is just an all-in-one set. For the curious tinkerer. Microsoft COFEE forensic toolkit: http://cryptome.org/cofee.zip User guide: http://cryptome.org/cofee-guide.zip

Re: [Full-disclosure] Microsoft Patents the "sudo" command

2009-11-12 Thread Valdis . Kletnieks
On Thu, 12 Nov 2009 10:36:19 EST, "Todd C. Miller" said: > privileges. The actual "invention" appears to be that the user is > able to perform an action as a different user without having to > type in the name of that other user when authenticating. Umm... my check of my 'sudo' manpage says that

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Moritz Naumann
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Milan Berger wrote: > Hi there, > >> IV. PROOF OF CONCEPT >> - >> Browser is enough to replicate this issue. Simply log in to your >> wordpress blog as a low privileged >> user or admin. Create a new post and use the media

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Vincent Guasconi
On Thu, Nov 12, 2009 at 1:48 PM, Milan Berger wrote: >> and it should be possible to request the uploaded file via a link: >> http://link-to-our-wp-unsecured-blog.com/wp-content/uploads/2009/11/test-vuln.php.jpg > > tried this with lighttpd and wordpress 2.8.5 and PHP 5.2.11-pl0-gentoo > with Suho

[Full-disclosure] Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability

2009-11-12 Thread Secunia Research
== Secunia Research 12/11/2009 - Gimp BMP Image Parsing Integer Overflow Vulnerability - == Table of Contents Affected Software...

Re: [Full-disclosure] Microsoft Patents the "sudo" command

2009-11-12 Thread Todd C. Miller
In message <4afc1708.7040...@gmail.com> so spake Leandro Malaquias (lm.net.security): > Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command > Patent: > http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1 > &u=/netahtml/PTO/srchnum.htm&r=1&f=G&l

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread g30rg3_x
The same thing was discussed on the WP-Hackers list[1] and it was found that the problem was introduced by Options +MultiViews[2]... And also someone pointed out that Options +MultiViews is enabled by default on cPanel/WHM[3] based servers, therefore lots of cheap (and not so cheap) shared hosting providers int
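The MultiViews finding in that reply points at the web server configuration rather than at WordPress itself, which also fits the "did not work on my box" reports elsewhere in this thread. The fragment below is an added example for this archive page; it is not code from the advisory, the WP-Hackers thread, WordPress or cPanel. The uploads path /var/www/wordpress/wp-content/uploads is assumed, the syntax is Apache 2.2 (the versions named in the thread), and the php_admin_flag line only has an effect where PHP runs as mod_php. It shows the configuration pattern under which a file named test-vuln.php.jpg is handed to PHP, beside a directory block that refuses to execute anything under uploads regardless of file name.

```apache
# --- Weak pattern (seen on AddHandler-based hosts; do NOT use) ---
# mod_mime applies AddHandler to ".php" anywhere in the extension list,
# so "test-vuln.php.jpg" still reaches the PHP handler, and MultiViews
# lets a request for a name that does not exist on disk be negotiated to
# a file that does.
#
#   AddHandler application/x-httpd-php .php
#   <Directory /var/www/wordpress/wp-content/uploads>
#       Options +MultiViews
#   </Directory>

# --- Hardened pattern ---
# Server-wide: only names that END in .php are ever passed to PHP.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# The uploads tree is data, never code (assumed path).
<Directory /var/www/wordpress/wp-content/uploads>
    # No content negotiation, no CGI, no SSI in this tree.
    Options -MultiViews -ExecCGI -Includes
    # An uploaded .htaccess must not be able to undo any of this.
    AllowOverride None

    # mod_php only: switch the interpreter off for this directory.
    <IfModule mod_php5.c>
        php_admin_flag engine off
    </IfModule>

    # Decisive control: refuse to serve any name containing a PHP
    # extension, whether it is the last one ("x.php") or an inner one
    # ("x.php.jpg"). This returns 403 before any handler is chosen.
    <FilesMatch "\.(php|phtml|php[0-9])(\.|$)">
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>
```

Two points worth knowing before relying on this. Apache merges Files/FilesMatch sections after Directory sections, so a server-level `<FilesMatch "\.php$"> SetHandler` wins over a `SetHandler default-handler` placed in the uploads `<Directory>`; the nested Deny block above holds regardless of that merge order, which is why it is the control to keep. And on a lighttpd or php-fpm deployment the mod_php line is simply skipped by the `<IfModule>` guard, so the Deny block and the upload-side extension validation in the application are what you are left with there.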

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Martin Aberastegue
LOL I forgot to add this did not work on my box. -- Martin Aberastegue http://www.martinaberastegue.com/ On Thu, Nov 12, 2009 at 10:41 AM, Martin Aberastegue wrote: > The same here tested on Wordpress 2.8.5 / Apache/2.0.63 (Unix) > mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 > mod_

[Full-disclosure] [USN-858-1] OpenLDAP vulnerability

2009-11-12 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-858-1 November 12, 2009 openldap2.2 vulnerability CVE-2009-3767 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This

[Full-disclosure] Microsoft Patents the "sudo" command

2009-11-12 Thread Leandro Malaquias
Website: http://gizmodo.com/5402796/microsoft-patents-the-sudo-command Patent: http://patft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/PTO/srchnum.htm&r=1&f=G&l=50&s1=7,617,530.PN.&OS=PN/7,617,530&RS=PN/7,617,530

Re: [Full-disclosure] WordPress

2009-11-12 Thread Vladimir Vorontsov
Did not work on: Apache/2.2.8 (Ubuntu) DAV/2 PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch Server Original Message Subject: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Date: Wed, 11 Nov 2009 16:47:49 + From: Dawid Golunski To: full-d

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Martin Aberastegue
The same here tested on Wordpress 2.8.5 / Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 - PHP/5.2.6 Regards -- Martin Aberastegue http://www.martinaberastegue.com/ On Thu, Nov 12, 2009 at 9:48 AM, Milan Berger wrote: > Hi th

Re: [Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Milan Berger
Hi there, > IV. PROOF OF CONCEPT > - > Browser is enough to replicate this issue. Simply log in to your > wordpress blog as a low privileged > user or admin. Create a new post and use the media file upload > feature to upload a file: > > test-image.php.jpg > > containin

[Full-disclosure] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009-11-12 Thread Dawid Golunski
= - Release date: November 11th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High = I. VULNERABILITY - WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Exec