Ben Ford wrote:
>
> Qualys Inc wrote:
> >
> >Mitigating Factors:
> >-------------------
> >The replication process of the Remote Shell Program can only effect
> >binary files within the access privileges of the user who launched
> >the originally infected program.
>
> A properly configured machine won't have
^^^^^^^^^^
Should be "operated" :)
> the root user running untrusted binaries.
Also, if the machine is used as a development platform, it is likely
the operator running as a non-privileged user may have write
access to executables stored in the current working directory which
would allow the malicious code to spread...perhaps to development
team members and finally to shared production code. Ugh.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 11:14:35 PDT