On Sun, Mar 02, 2008 at 04:32:26PM -0800, David Fox wrote:
> On 3/2/08, Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
> >
> > The potential hole I see in mutt is not actually a hole in mutt but in
> > various helpers used by mutt users. For example, many of us use w3m or
> > links or some other text browser to dump html messages to plain text
>
> For that to work, various helper apps would have to be run as root or
> with root privileges. Normally I would not suspect a pic or other
> 'data' to try and be executable anyway.

The exploit would have to be one that gets root privileges through escalation... I seem to recall that there had been some compromises in some image formats that may have escalated privileges, but I don't really know.

SQL injections are 'data' trying to be executable, aren't they? I know that generally folks aren't trying to "open" SQL "attachments" (whatever the hell that might mean) from mutt...

Anyway, that's the whole point of an exploit -- providing some _thing_, data or code, that causes a privilege escalation. It doesn't have to be a helper running as root, just a helper that can be exploited in some manner to get a root escalation. At least that's what I understand.

A