Re: RedHat 5.2 lrzsz-0.12.14-5 have serious security hole

From: Yuri Kuzmenko (yuriat_private)
Date: Mon Nov 30 1998 - 12:16:21 PST

Next message: HD Moore: "iParty can be shut down remotely"

Previous message: Todd C. Campbell: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

lrz (Linux ZMODEM file receiver) from lrzsz package have a security hole
with file permission.

lrz create file with 0666 mode (world writable)

File mode set to normal (specifed by other side) only after downloading.

my umask is 022

Next message: HD Moore: "iParty can be shut down remotely"
Previous message: Todd C. Campbell: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:24 PDT