Re: qDefense Advisory: DCForum allows remote read/write/execute

From: adminat_private
Date: Tue Apr 17 2001 - 10:51:44 PDT


    >
    > Sorry for not clarifying.  This is another vulnerability.  The patch made
    > DOES NOT fix this vulnerability.
    > The CGISecurity hole only allowed read, not execute, and the patch did not
    > affect the az field.
    
    
    The following information is correct. The hole we found affected the forum= field.
    It only allowed remote file viewing and also had a nasty Denial of service effect
    which caused a rm -rf effect to whatever dir the script itself was stored.
    (Hopefully that part doesn't affect this new bug)
    
    - zenomorph
    


