| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200410120749.i9C7nslI027455@mailserver2.hushmail.com> From: doubles at hush.com (doubles@...h.com) Subject: unarj dir-transversal bug (../../../..) On Mon, 11 Oct 2004 12:50:20 -0700 Chris Umphress <umphress@...il.com> wrote: > chris@...is:~/test$ arj a test.arj ../../../usr/local/bin/test.txt ya have ''.'' in yar PATH! bwahahahah! >Apart from it removing one "../" from the filename I gave it, it >worked exactly as I expected. dis is powerfull security whole! im writting a exploit for it right now in visual cobol! czech this out:: http://www.security.nnov.ru/search/news.asp?binid=1320 http://www.securityfocus.com/bid/5835/info/ http://www.securityfocus.com/bid/7550/info/ http://rhn.redhat.com/errata/RHSA-2002-096.html http://www.debian.org/security/2003/dsa-344 http://www.2600.com doubles Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
Powered by blists - more mailing lists