Reply With Quotecan confirm it doesn't happen in 8.1
There's a potential security hole in Drake's default security setup.
I implore you:
Go into the Mandrake Control Center, security settings, and make sure it's set to at least "High" or you may have problems.
I won't post details publicly right now due to the potential risk involved, sorry.
I don't know if earlier versions are effected or not.
can confirm it doesn't happen in 8.1
whatdoyougetwhenyoumultiplysixbynine??
Hmmm. New Mandrake splash screen:Originally Posted by Spot
"Welcome to Mandoze98"
:P :P :P :P :P :-X
Oscar
Since it's a matter of public record now...
http://online.securityfocus.com/archive/1/277515
I figured you might get a kick out of this. CERT basically shot me down
and missed my point entirely.
Their arguement?
"This utility accurately and consistently performs as documented" and as such, RTFM Mr. L4m3r.
Yea, it works as documented, but that doesn't make the behavior proper security for "multi-user local use".
Using that arguement, MS could document how Code Red/Nimda can make IIS vulnerable - henceforth making it a non-issue since it would
"accurately and consistently perform as documented"
pffffffffffffft
---------- Forwarded Message ----------
Subject: Re: Mandrake 8.2 msec security issue VU#455323
Date: Tue, 25 Jun 2002 16:24:31 -0400 .
From: "CERT(R) Coordination Center" <cert@cert.org>
To: spot @ getlinuxonline.com
Cc: "CERT(R) Coordination Center" <cert@cert.org>
-----BEGIN PGP SIGNED MESSAGE-----
Spot,
In response to your Bugtraq post dated Jun 17, 2002, the CERT/CC has
released Vulnerability Note VU#455323, which you can find at:
http://www.kb.cert.org/vuls/id/455323
We have assigned a tracking number to this report (VU#455323); please include it in the subject line of any future correspondence regarding this issue.
P.S
still not a peep from Mandrake
Posting Permissions
Bookmarks