On 02/04/2015 05:55 PM, Warren Young wrote:
On Feb 4, 2015, at 3:16 PM, Lamar Owen <lowen@xxxxxxxx> wrote:
There have been remotely exploitable vulnerabilities where an arbitrary file could be read
CVEs, please?
CVE-2006-3392 for one. As this one was against Webmin, well, webmin by
nature has to have root access. Yeah, webmin should not be configured
to be accessible from the internet at large, but that's not the point.
Yes, it is an old one, but there are I'm sure other vulnerabilities that
have either not been found or not been published.
And then, a long time ago, in an OS far far away, there was
CVE-2000-0915 (FreeBSD 4.1.1 Finger Arbitrary Remote File Access) where
the advisory text description included the following wording:
"The finger daemon running on the remote host will reveal the contents
of arbitrary files when given a command similar to the following :
finger /etc/passwd@target
Which will return the contents of /etc/passwd."
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
