Re: Add murmur.
From: Hartmut Goebel
Subject: Re: Add murmur.
Date: Sun, 12 Feb 2017 18:01:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

Am 12.02.2017 um 15:37 schrieb David Craven:
> I think that it is a minor
> issue at best, since anything that isn't accessible over the network or
> running with any sort of privileges is not very useful.
I strongly disagree!
Every piece of software available on the system may help the intruder. The
server may not be running, so it cannot be attacked in the first place.
But if an intruder gains (unprivileged) access to the system, he might
be able to start that server software. Then he might use it for
privilege escalation (if the server software is vulnerable), as a
back-channel or for attacking further systems.
> This hypothetical attacker is trying to escalate privileges. I don't
> see how starting an unprivileged process would help with that.
Well, simply by exploiting a bug in that software. This is quite a
common case :-)
--
Regards
Hartmut Goebel
| Hartmut Goebel | address@hidden |
| www.crazy-compilers.com | compilers which you thought are impossible |