[Coldstuff] Advisory: Security hole with ColdCore

Vanish 1024 coldstuff@cold.org
Thu, 24 Jan 2002 20:55:48 -0800


I'd like the gory details if you please :)  And the fix too.


-- 
Vanish 1024
vanish1024@onebox.com - email
(818) 630-2340 x5993 - voicemail/fax



---- Brad Roberts <braddr@puremagic.com> wrote:
> What permissions does the user have to have to exploit?  In other words,
> does it require $guest, $user, $builder, $programmer?  Can it be exploited
> remotely via the default services (http, smtp, etc)?
> 
> These sorts of things are useful to properly weigh the risk and urgency of
> obtaining the fix.  There are probably other questions worth asking, but you
> get the point.  It's possible to provide some detail other than "you've got
> a problem, see me for a fix" without giving out the gory details.
> 
> Later,
> Brad
> 
> On Wed, 23 Jan 2002, Brandon Gillespie wrote:
> 
> > Date: Wed, 23 Jan 2002 18:50:07 -0700
> > From: Brandon Gillespie <brandon@roguetrader.com>
> > Reply-To: coldstuff@cold.org
> > To: coldstuff@cold.org
> > Subject: [Coldstuff] Advisory: Security hole with ColdCore
> >
> > This is an advisory to anybody running ColdCore.  There is a security
> > hole which was found by xmath where anybody can run code as an
> > administrator.  I'll post the fix here in a week or so, to give
> > administrators a chance to fix it first.  To get the fix either
> > contact me via email or get on the Cold Dark and ask either me or
> > xmath.
> >
> > -Brandon Gillespie
> > _______________________________________________
> > Cold-Coldstuff mailing list
> > Cold-Coldstuff@cold.org
> > http://web.cold.org/mailman/listinfo/cold-coldstuff
> >
> 
> 
