On 02/27/2012 11:23 PM, devn...@vonage.com wrote:
I believe that clarification is in order.
Indeed it is. The original post mentions a same-user attack
vector which is very misleading as to what the real problem here is.
And it boils down to this:
Once a process sends private info over DBUS
On 02/28/2012 12:14 AM, Dimitris Glynos wrote:
On 02/27/2012 11:23 PM, devn...@vonage.com wrote:
I believe that clarification is in order.
Indeed it is. The original post mentions a same-user attack
vector which is very misleading as to what the real problem here is.
And it boils down
to this issue.
Disclosure Timeline
---
Vendor Contact(s): December 20th, 2011
CVE assignment: February 21st, 2012
Public Disclosure: February 25th, 2012
Kind regards,
Dimitris Glynos
--
http://census-labs.com -- IT security research, development and services
by: Dimitris Glynos
Kind regards,
Dimitris Glynos
--
http://census-labs.com -- IT security research, development and services
[1] http://netvolution.net
[2] http://atcom.gr
[3] http://census-labs.com/news/2011/10/03/netvolution-referer-SQLi/
bugfix release date: June 1st, 2009
Public disclosure date: June 8th, 2009
With kind regards,
Dimitris Glynos
--
http://census-labs.com / IT security research, development and services
[1] http://www.rasterbar.com/products/libtorrent/projects.html
[2] http://wiki.theory.org