RE: Directory traversal vulnerabilities in several archivers processing .tar
From: konto mailingowe (maillists@black.punkt.pl)
Date: 12/20/02
- In reply to: Andrew Kopp: "RE: Directory traversal vulnerabilities in several archivers processing .tar"
From: konto mailingowe <maillists@black.punkt.pl>
To: bugtraq@securityfocus.com
Date: 20 Dec 2002 15:36:19 +0100
In a message of Wed, 18-12-2002, 06:18, Andrew Kopp writes:
> I don't really think this falls into vulnerability because most software
> will prompt you before it overwrites any file by default. And if anyone
> would actually allow their own SSHd binary to be overwritten deserves
> to be hacked.
And what about adding files in some specific dirs? E.g. /etc/rc.boot in
Debian (I mean run-parts)
>
> And to those who extract an un-trusted archive and set the "don't prompt
> me" flag, you really need a lesson in 'basic' (very obvious too!)
> security practices.
>
> No pun intended.
>
>
>
> Regards,
>
>
> drewk~
>
>
>
> -----Original Message-----
> From: Florian Schafferhans [mailto:fs@computer-security.de]
> Sent: Monday, December 16, 2002 6:41 PM
> To: bugtraq@securityfocus.com
> Subject: Directory traversal vulnerabilities in several archivers
> processing .tar
>
>
>
> Subject
>
> Directory traversal vulnerabilities in several
> archivers processing .tar
> files
>
>
> [ email... blah blah blah blah ]
>
>
>
>
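The distinction raised in this reply, as an added example that is not part of the original message: a pre-extraction audit that separates archive members whose resolved path leaves the extraction directory and lands on an existing file (where an overwrite prompt would fire) from those that would create a new file (where it would not). The archive, the member names and the `rc.boot` and `sshd` paths are constructed stand-ins inside a temporary directory, and nothing is extracted.

```python
import io
import os
import tarfile
import tempfile

def build_sample_tar(names):
    """Build a constructed in-memory .tar whose members carry the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)  # addfile() stores the name unchanged
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_tar(tar_bytes, dest):
    """Classify every member by where it would land, without extracting it.

    Returns {member name: 'inside' | 'outside-overwrite' | 'outside-new'}.
    """
    dest = os.path.realpath(dest)
    verdicts = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) == dest:
                verdicts[member.name] = "inside"
            elif os.path.lexists(target):
                # An archiver that prompts before overwriting would stop here.
                verdicts[member.name] = "outside-overwrite"
            else:
                # Nothing exists at the target, so no overwrite prompt is triggered.
                verdicts[member.name] = "outside-new"
    return verdicts

def demo():
    """Audit a constructed archive against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "work", "extract")
        os.makedirs(dest)
        os.makedirs(os.path.join(root, "rc.boot"))     # stand-in for a run-parts dir
        open(os.path.join(root, "sshd"), "w").close()  # stand-in for an existing binary
        names = ["docs/readme.txt", "../../sshd", "../../rc.boot/S99demo"]
        return audit_tar(build_sample_tar(names), dest)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:18} {name}")
```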