
Re: [SECURITY] [DSA 076-1] New most packages available

* Andres Salomon (dilinger@mp3revolution.net) [010918 17:40]:
> My point is, it's not a daemon, it's not associated w/ any type of network
> service, it's not associated w/ any clients that regularly receive untrusted
> data from outside sources, and it's not even used by default on most
> people's boxes (less, if installed, will be used instead of most by default).
> If you're going to associate a vulnerability in something like most as
> being remotely exploitable, at least explain it a bit.  I have most

I think the key is in "when viewing a malicious file ... could enable
most to execute arbitrary code being able to compromise the users

Now, since people may use most to view email, which may come from remote
sites, this can be considered a remote exploit.

Vineet                                   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\!             |tr 'a-zA-Z' 'n-za-mN-ZA-M'
