RE: Directory traversal vulnerabilities in several archivers processing .tar

From: Andrew Kopp (drewkat_private)
Date: Tue Dec 17 2002 - 21:18:43 PST


    I don't really think this falls into vulnerability because most software
    will prompt you before it overwrites any file by default. And anyone who
    would actually allow their own SSHd binary to be overwritten deserves
    to be hacked.
    
    And to those who extract an untrusted archive and set the "don't prompt
    me" flag, you really need a lesson in 'basic' (very obvious too!)
    security practices.
    
    No pun intended.
    
    
    
    Regards,
    
    
    drewk~
    
    
    
    -----Original Message-----
    From: Florian Schafferhans [mailto:fs@computer-security.de] 
    Sent: Monday, December 16, 2002 6:41 PM
    To: bugtraqat_private
    Subject: Directory traversal vulnerabilities in several archivers
    processing .tar
    
    
    
    Subject
    
      Directory traversal vulnerabilities in several archivers processing .tar files
    
    
    [ email... blah blah blah blah ]
    


