[Coldstuff] Advisory: Security hole with ColdCore
Vanish 1024
coldstuff@cold.org
Thu, 24 Jan 2002 20:55:48 -0800
I'ld like the gory details if you please :) And the fix too.
--
Vanish 1024
vanish1024@onebox.com - email
(818) 630-2340 x5993 - voicemail/fax
---- Brad Roberts <braddr@puremagic.com> wrote:
> What permissions does the user have to have to exploit? In other words,
> does it require $guest, $user, $builder, $programmer? Can it be exploited
> remotely via the default services (http, smtp, etc)?
>
> These sorts of things are useful to properly weigh the risk and urgency
> of
> obtaining the fix. There's probably other questions worth asking,
> but you
> get the point. Its possible to provide some detail other than "you've
> got
> a problem, see me for a fix" without giving out the gory details.
>
> Later,
> Brad
>
> On Wed, 23 Jan 2002, Brandon Gillespie wrote:
>
> > Date: Wed, 23 Jan 2002 18:50:07 -0700
> > From: Brandon Gillespie <brandon@roguetrader.com>
> > Reply-To: coldstuff@cold.org
> > To: coldstuff@cold.org
> > Subject: [Coldstuff] Advisory: Security hole with ColdCore
> >
> > This is an advisory to anybody running ColdCore. There is a security
> > hole which was found by xmath where anybody can run code as an
> > administrator. I'll post the fix here in a week or so, to give
> > administrators a chance to fix it first. To get the fix either
> > contact me via email or get on the Cold Dark and ask either me or
> > xmath.
> >
> > -Brandon Gillespie
> > _______________________________________________
> > Cold-Coldstuff mailing list
> > Cold-Coldstuff@cold.org
> > http://web.cold.org/mailman/listinfo/cold-coldstuff
> >
>
>
> _______________________________________________
> Cold-Coldstuff mailing list
> Cold-Coldstuff@cold.org
> http://web.cold.org/mailman/listinfo/cold-coldstuff
>
__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com