Full Disclosure: Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]

From: Alexander Sotirov <asotirov () determina com>
Date: Tue, 22 Aug 2006 11:12:40 -0700

Regardless of the feasibility of exploitation in Toast 7, it's still a bug.
There are no guarantees that the vulnerable code will not be exposed to users
with less privileges in a future version of the product. Making system() calls
without a full path from a suid root binary is just asking for trouble. You
should fix it.

Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 22)
- Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] K F (lists) (Aug 22)
- Message not available
  - Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Propaganda Support (Aug 22)
    - Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] Alexander Sotirov (Aug 22)
    - Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ] K F (lists) (Aug 22)