[17029] in bugtraq


Re: Very probable remote root vulnerability in cfengine

daemon@ATHENA.MIT.EDU (Sergey Kogan)
Tue Oct 3 14:40:11 2000

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.3.96.1001003123030.1205A-100000@kogan.omskelecom.ru>
Date:         Tue, 3 Oct 2000 12:45:43 +0700
Reply-To: Sergey Kogan <kogan@omskelecom.ru>
From: Sergey Kogan <kogan@omskelecom.ru>
X-To:         Shaun Clowes <shaun@securereality.com.au>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <39d910d4.d3.0@webcentral.com.au>

> Having said that, this particular advisory is an example of something I find
> extremely frustrating. This bug in particular is almost certainly remotely
> exploitable, I'd agree with this, however, I don't think that makes life very
> fair for the average systems administrator. If she reads the advisory, she is
> told it should be vulnerable not that it is. This could lead her to having to
> upgrade a service, possibly on a critical machine for no reason if the problem
> is found to be non exploitable.

I disagree! This 'should be vulnerable' advisory is VERY useful. In such
cases the system administrator should do the following:

a) Check whether the service on his/her server is potentially vulnerable
according to the advisory and ...

b) Shut down or restrict access to the vulnerable service until ...

c) Research the source code to understand whether the bug is exploitable or not. Or ...

c') Wait until somebody else does the research and posts the results.

It is much better to upgrade a non-exploitable service on a critical machine
than to restore a critical machine from scratch after hackers visit. I vote for
posting advisories like this one.

---
Sincerely yours,
Sergey Kogan,
kogan@omskelecom.ru
