Hi.
I'm not quite sure of your question...
The DoS can be carried out remotely, however one mitigating factor (which
makes it a low risk as opposed to sirens and alarms...) is that it's turned
off by default - you have to explicitly enable it under "Remote Management"
on the device if you want to access it/carry out the DoS over the Internet.
However, it is worth noting that anyone on your LAN can *remotely* carry out
this attack regardless of this management feature being on/off.
phpMyAdmin version 2.11.1.1 was released to fix this, along with a
security announcement:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5
which contains a mitigating factor:
"We could only trigger it when using Internet Explorer with the 'send
URLs as UTF8' setting disabled. The default value of this setting being
'enabled' reduces the impact of this problem."
> permissions in the background, using /proc filesystem.
>
> guest@toy:~$ bash 3< /tmp/my_priv/unwritable_file
Although having an already open handle to the file is kind of cheating. :-)
(well, it isn't, but I think it's a mitigating factor).
> # ...until we take a way around it with /proc filesystem. Oops.
> guest@toy:/tmp/my_priv$ echo got you > /proc/self/fd/3
But I understand that the check on the parent directory of the file for