| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <416BA118.8070501@cc.kuleuven.ac.be> From: rik.bobbaers at cc.kuleuven.ac.be (Harry de Grote) Subject: unarj dir-transversal bug (../../../..) doubles@...h.com wrote: > dis is powerfull security whole! im writting a exploit for it right now > in visual cobol! > > czech this out:: > > http://www.security.nnov.ru/search/news.asp?binid=1320 > http://www.securityfocus.com/bid/5835/info/ > http://www.securityfocus.com/bid/7550/info/ > http://rhn.redhat.com/errata/RHSA-2002-096.html > http://www.debian.org/security/2003/dsa-344 > http://www.2600.com it's over 1 year old! and it's your own fault if you fall for it, normally , you dry-run it first, then you see something fishy is going on. btw... what's there to exploit??? just take a modified bash (sh) that opens a rootshell, and overwrite it! djies... you skidds never seem to learn ;) you really didn't invent the light, you know... -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 Rik.Bobbaers@...kuleuven.ac.be -=- http://harry.ulyssis.org "\x41\x20\x63\x6f\x6d\x70\x75\x74\x65\x72\x20\x77\x69\x74\x68\x6f\x75\x74\x20" "\x57\x69\x6e\x64\x6f\x77\x73\x20\x69\x73\x20\x6c\x69\x6b\x65\x20\x61\x20\x66" "\x69\x73\x68\x20\x77\x69\x74\x68\x6f\x75\x74\x20\x61\x20\x62\x69\x63\x79\x63" "\x6c\x65\x0a\x00"
Powered by blists - more mailing lists