[Coldstuff] Advisory: Security hole with ColdCore
xmath
coldstuff@cold.org
Thu, 24 Jan 2002 07:40:00 +0100
>What permissions does the user have to have to exploit? In other words,
>does it require $guest, $user, $builder, $programmer? Can it be exploited
>remotely via the default services (http, smtp, etc)?
>
>These sorts of things are useful to properly weigh the risk and urgency of
>obtaining the fix. There's probably other questions worth asking, but you
>get the point. Its possible to provide some detail other than "you've got
>a problem, see me for a fix" without giving out the gory details.
To be able to exploit the security hole, the user must be able to
execute a public method, which normally means he has to be
$programmer. If he can exploit the hole, he can basically do
anything, including making himself an admin.
- xmath