lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <80115b690512231034y5f83e916n6c4299471fb1f89d@mail.gmail.com>
Date: Fri Dec 23 18:45:30 2005
From: reedarvin at gmail.com (Reed Arvin)
Subject: Privilege escalation in McAfee
	VirusScanEnterprise 8.0i (patch 11) and CMA 3.5 (patch 5)

Sir,

Although the exploitation technique was already known I am sure that
others are happy to know about the vulnerability. And I assure you
that I did not waste my time.

Apparently you have strong feelings about my post. I apologize if I
have offended you in some way. This will be my last reply.

Best regards and happy holidays.

On 12/22/05, Steven Rakick <stevenrakick@...oo.com> wrote:
> Hi Reed,
>
> I'm unable to verify that. I'm sure someone else will.
>
> Regardless, as indicated by the previous Full-Disclosure posting by Pretty
> Vacant, the behavior you're speaking about has been known for years. Sorry
> you wasted your time.
>
> It's clear you were unaware of the previous research. You must have thought
> it was pretty important, considering how many lists you cross posted to.
>
> Thanks for your efforts.
>
>
> Reed Arvin <reedarvin@...il.com> wrote:
> Sir,
>
> On Windows 2000 operating systems the default permissions for the root
> of the OS drive is Everyone/Full Control. However, with Microsoft
> operating systems newer than Windows 2000 administrative privileges
> are necessary. Thank you for your comment.
>
> Regards,
> Reed
>
> On 12/22/05, Steven Rakick wrote:
> > See:
> >
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/033909.html
> >
> > It's not a vulnerability as it requires administrative privs in the first
> > place.
> >
> >
> >
> >
> >
> >
> > ________________________________
> > Yahoo! DSL Something to write home about. Just $16.99/mo. or less
> >
> >
>
>
>
>
>  ________________________________
>  Yahoo! DSL Something to write home about. Just $16.99/mo. or less
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ