"Jens Steube" <jsteubeat_private> wrote in message news:1010876960.3c40c220caef8at_private > --[ Bugs ]-- > > Cdrdao doesnt check for permissions when it trys to open a file > as its "toc-file". So it was possible to open all Files on the > System, but it skips the Output on its Error-Message. Maybe it is > possible to trick to read all these Files. I confirm it is possible to read all these files using show-data command. A proof of concept script is attached. -- Guillaume Pelat Security Expert INTEXXIA 171 Av. Georges Clemenceau 92024 NANTERRE CEDEX - FRANCE tel: +33 1 55 69 49 10 fax: +33 1 55 69 78 80 http://www.intexxia.com
This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 14:53:30 PST