lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3EFC7806.5070905@tripbit.org>
Date: Fri, 27 Jun 2003 18:59:50 +0200
From: "Rushjo@...pbit.org" <rushjo@...pbit.org>
To: bugtraq@...urityfocus.com
Subject: Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server
 2


Hi akcess,


thx for your feedback. But not all of your comments are right.
First I wrote this in the advisory:

[qoute]
The vendor has reportedly been notified. But the vendor told us that is
an old bug. We don't think so.
[/ qoute]

Alright perhaps next time it will be better to mention the url of the
old bug. And of course it is an "another form of the old bug" but did
you really read the old advisory? For example the recommended solution?

[quote]
* taken from http://securityfocus.com/archive/1/318775 *

.....:[ Vendor Status :

14/04/03 Initial Contact Made
15/04/03 Vendor Responded
15/04/03 Vendor Released Updated Version

.....:[ Solution :

Remove old iWeb application and download and install the updated
version which can be found at:

http://ashleybrown.co.uk/downloads/iws2.exe
[/qoute]

And this is the point. We tested the "safe" iWeb Server2 and still found
this bug. So we don't think that it is fixed. Because of the reaction of
the vendor we deceided to post this here.

And of course thanks for hints to posidron's "work". He "rebuilded" this 
tool with the help of your hints.


Have a lot of fun

Rushjo




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ