lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 22 Jan 2004 09:08:07 +0100 (CET)
From: Thomas Biege <thomas@...e.de>
To: bugtraq@...urityfocus.com
Cc: Rene <l0om@...luded.org>
Subject: Re: [SuSE 9.0] possible symlink attacks in some scripts


>greetings,

Hello.

>i have done a litte reseach on a SuSE linux 9.0 box
>for possible symlink attacks. i have checked nearly
>every script i could found on the system. i havent
>found much and nothing very special.

Good.


>i dont have a
>clue if the following scripts are somewhere on the
>system executed but maybe someone useses them in a
>script or something like that.

We will fix the bugs you found, but it's always nicer
to contact us before you go public with bug-reports.
Just write an eMail to security@...e.de and you will
get an answer after a few hours or less.


Bye,
     Thomas
-- 
  Thomas Biege <thomas@...e.de>, SUSE LINUX AG, Security Support & Auditing
--
# If you have the "driftnet" program installed, webcollage can display a
# collage of images sniffed off your local ethernet, instead of pulled out
# of search engines: in that way, your screensaver can display the images
# that your co-workers are downloading!
                                          -- xscreensaver source-code

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ