|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <14530.56345.699613.823666@mercury.st.hmc.edu> Date: Sun, 5 Mar 2000 14:13:45 -0800 Reply-To: Nate Eldredge <neldredge@HMC.EDU> From: Nate Eldredge <neldredge@HMC.EDU> X-To: bugtraq@securityfocus.com To: BUGTRAQ@SECURITYFOCUS.COM I note that this has been added to the Vulnerabilities Database on www.securityfocus.org (#1030) with the following solution: > The system.com program should be removed from the dosemu heirarchy. I don't think this is adequate. system.com is a fairly short file (300 bytes), and if a user has any way to create files inside the dosemu hierarchy (as they probably do, because otherwise dosemu is of limited value), they can easily re-create it. Correct fixes are listed at http://www.dosemu.org/docs/README/0.98/README-3.html , the URL referenced before. Such as setting secure mode in the configuration files. (Note that I haven't tested this as I can't reproduce the vulnerability with my current dosemu configuration.) -- Nate Eldredge neldredge@hmc.edu
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |