[Full-Disclosure] Frontpage Extensions Remote Command Execution
Ricky Blaikie
ricky.blaikie at servercity.co.uk
Wed Nov 12 23:54:42 GMT 2003
> > Thus spake mattmurphy at kc.rr.com (mattmurphy at kc.rr.com) [12/11/03 14:41]:
> >> bulletin. A decent admin would configure FPSE such that this flaw is a
> >> non-issue. This is because no ordinary user has a reason to be
accessing
> >> FPSE's files. If FPSE is secured, this means that an attacker is
getting
> >> their own privileges back.
Why should a decent sys-admin have to perform this additional configuration?
If the list of vuln's that an admin has to deal with keeps growing, when
will sysad workload reach saturation point ?
Cheers,
--
Ricky Blaikie - Server City Ltd
http://www.servercity.co.uk - sales at servercity.co.uk
T:0871-2601000 F:0871-2601001
Visit our website for latest pricing and offers or e-mail me.
Full-Disclosure is hosted and sponsored by Secunia.