[CentOS] Another Fedora decision
Lamar Owen
lowen at pari.eduThu Feb 5 14:48:22 UTC 2015
- Previous message: [CentOS] Another Fedora decision
- Next message: [CentOS] Another Fedora decision
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 02/04/2015 05:55 PM, Warren Young wrote: >> On Feb 4, 2015, at 3:16 PM, Lamar Owen <lowen at pari.edu> wrote: >> >> There have been remotely exploitable vulnerabilities where an arbitrary file could be read > CVEs, please? CVE-2006-3392 for one. As this one was against Webmin, well, webmin by nature has to have root access. Yeah, webmin should not be configured to be accessible from the internet at large, but that's not the point. Yes, it is an old one, but there are I'm sure other vulnerabilities that have either not been found or not been published. And then, a long time ago, in an OS far far away, there was CVE-2000-0915 (FreeBSD 4.1.1 Finger Arbitrary Remote File Access) where the advisory text description included the following wording: "The finger daemon running on the remote host will reveal the contents of arbitrary files when given a command similar to the following : finger /etc/passwd at target Which will return the contents of /etc/passwd."
- Previous message: [CentOS] Another Fedora decision
- Next message: [CentOS] Another Fedora decision
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list