On Mon, Aug 13, 2012 at 6:02 PM, Richard Miles <richard.k.mi...@googlemail.com> wrote: > Thanks for fast reply. I'm still unsure if I understood properly.
Please reply on list. >> Yes, it does exist. When you run Viscosity for the first time, it makes >> that file SUID. > > So, you only have one chance to exploit it? Just before the first execution? No. You have infinite chances, after first execution. > > I really don't understand the attack, can you please explain it in details > or point me to some reference that explain similar attack in details for > other product? http://en.wikipedia.org/wiki/Setuid > > Thanks. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/