lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3D33679B.3050707@bokeoa.com>
From: core at bokeoa.com (Charles 'core' Stevenson)
Subject: Sharutils buggy?

Well you could check out some e-mail programs etc... Imagine that an 
attacker sends e-mail to root@...e.host with a uuencoded attachment. The 
attacker has local access to the machine and knows that root's e-mail 
program calls system("uudecode %s",file) would allow the attacker to 
setup the uuencode file in such a fashion as to make this work... 
whether such a case exists is pure speculation. But out of boredom I've 
attached a theorhetical exploit.

peace,
core

martin f krafft wrote:
> I'd like to get some educated thoughts and opinions on a recently found
> potential bug:
> 
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
>   http://online.securityfocus.com/bid/4742
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049
>   http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033
>   http://bugs.debian.org/149454
>   http://www.kb.cert.org/vuls/id/336083
> 
> cheers,
> 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: uudecode.sh
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020715/631943bf/uudecode.ksh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ