lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20051223040456.14637.qmail@web53208.mail.yahoo.com>
Date: Thu, 22 Dec 2005 20:04:56 -0800 (PST)
From: Steven Rakick <stevenrakick@...oo.com>
To: Reed Arvin <reedarvin@...il.com>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	submit@...w0rm.com, vuln@...unia.com
Subject: Re: Privilege escalation in McAfee
	VirusScanEnterprise 8.0i (patch 11) and CMA 3.5 (patch 5)

Hi Reed,
   
  I'm unable to verify that. I'm sure someone else will.
   
  Regardless, as indicated by the previous Full-Disclosure posting by Pretty Vacant, the behavior you're speaking about has been known for years. Sorry you wasted your time. 
   
  It's clear you were unaware of the previous research. You must have thought it was pretty important, considering how many lists you cross posted to.
   
  Thanks for your efforts.

  
Reed Arvin <reedarvin@...il.com> wrote:
  Sir,

On Windows 2000 operating systems the default permissions for the root
of the OS drive is Everyone/Full Control. However, with Microsoft
operating systems newer than Windows 2000 administrative privileges
are necessary. Thank you for your comment.

Regards,
Reed

On 12/22/05, Steven Rakick wrote:
> See:
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html
>
> It's not a vulnerability as it requires administrative privs in the first
> place.
>
>
>
>
>
>
> ________________________________
> Yahoo! DSL Something to write home about. Just $16.99/mo. or less
>
>
  


		
---------------------------------
 Yahoo! DSL Something to write home about. Just $16.99/mo. or less
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ