[CentOS] Another Fedora decision

Lamar Owen lowen at pari.edu
Thu Feb 5 14:48:22 UTC 2015


On 02/04/2015 05:55 PM, Warren Young wrote:
>> On Feb 4, 2015, at 3:16 PM, Lamar Owen <lowen at pari.edu> wrote:
>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file could be read
> CVEs, please?
CVE-2006-3392 for one.  As this one was against Webmin, well, Webmin by 
nature has to have root access.  Yeah, Webmin should not be configured 
to be accessible from the internet at large, but that's not the point.  
Yes, it is an old one, but there are, I'm sure, other vulnerabilities that 
have either not been found or not been published.

And then, a long time ago, in an OS far far away, there was 
CVE-2000-0915 (FreeBSD 4.1.1 Finger Arbitrary Remote File Access) where 
the advisory text description included the following wording:
"The finger daemon running on the remote host will reveal the contents
of arbitrary files when given a command similar to the following :

finger /etc/passwd@target

Which will return the contents of /etc/passwd."



