> > Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]) [12/11/03 14:41]: > >> bulletin. A decent admin would configure FPSE such that this flaw is a > >> non-issue. This is because no ordinary user has a reason to be accessing > >> FPSE's files. If FPSE is secured, this means that an attacker is getting > >> their own privileges back.
Why should a decent sys-admin have to perform this additional configuration? If the list of vuln's that an admin has to deal with keeps growing, when will sysad workload reach saturation point ? Cheers, -- Ricky Blaikie - Server City Ltd http://www.servercity.co.uk - [EMAIL PROTECTED] T:0871-2601000 F:0871-2601001 Visit our website for latest pricing and offers or e-mail me. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html