OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: konto mailingowe (maillists_at_black.punkt.pl)
Date: Fri Dec 20 2002 - 08:36:19 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    W li¶cie z ¶ro, 18-12-2002, godz. 06:18, Andrew Kopp pisze:
    > I don't really think this falls into vulnerability because most software
    > will prompt you before it overwrites any file by default. And if anyone
    > would actually allow their own SSHd binary to be over written deserves
    > to be hacked.

    and what about adding files in some specific dirs? e.g. /etc/rc.boot in
    debian (i mean run-parts)

    >
    > And to those who extract an un-trusted archive and set the "don't prompt
    > me" flag, you really need a lesson in 'basic' (very obvious too!)
    > security practices.
    >
    > No pun intended.
    >
    >
    >
    > Regards,
    >
    >
    > drewk~
    >
    >
    >
    > -----Original Message-----
    > From: Florian Schafferhans [mailto:fscomputer-security.de]
    > Sent: Monday, December 16, 2002 6:41 PM
    > To: bugtraqsecurityfocus.com
    > Subject: Directory traversal vulnerabilities in several archivers
    > processing .tar
    >
    >
    >
    > Subject
    >
    > Directory traversal vulnerabilities in several
    > archivers processing .tar
    > files
    >
    >
    > [ email... blah blah blah blah ]
    >
    >
    >
    >