lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3D336984.7050607@bokeoa.com>
From: core at bokeoa.com (Charles 'core' Stevenson)
Subject: Sharutils buggy?

Actually it uses the full path.. at least on debian.. see previously 
attached concept exploit. Of course I had to create a retarded mail 
program that simply rand uudecode on the attachment. ;)

peace,
core

Roland Postle wrote:
> The problem seems to be that by default uudecode uses as the output filename
> the same filename used when the file was uuencoded. The fix is apparently to
> stop it following symbolic links. So an attacker couldn't uuencode with a
> filename that was in the /tmp directory. Then link the file in the tmp
> directory to whatever they wanted. My guess is you can't specify an absolute
> path (or ../) in the filename, and the assumption is that lots of people
> extract these files in the tmp directory where malicous symbolic links might
> reside.
> 
> Regardless it's not a 'grave' security problem as some people have said. And
> no, Uuencode isn't (or shouldn't be) suid/sgid before you ask.
> 
> - Blazde
> 
> ----- Original Message -----
> From: "martin f krafft" <madduck@...duck.net>
> To: "full-disclosure people" <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, July 16, 2002 12:24 AM
> Subject: [Full-Disclosure] Sharutils buggy?
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Full-Disclosure@...ts.netsys.com
> http://lists.netsys.com/mailman/listinfo/full-disclosure
> 
> 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ