Message-ID: <430B72D5.4020601@digitalmunition.com>
Date: Tue Aug 23 19:54:22 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal

That is a patch for my vulnerability from 2 months ago...
http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt
http://www.digitalmunition.com/virobot_ex.pl

Hopefully you didn't miss the advisory. =]
-KF

>This vendor page is titled "ViRobot Unix/Linux Server Security
>Vulnerability Patch."
>
>However, it goes on to describe a buffer overflow problem:
>
>  1. Patch for Buffer Over Flow Vulnerability
>  - Vulnerability Type
>  : Buffer Over Flow
>
>  - Introduction to Patch
>  : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE
>
>
>There is no mention of directory traversal.
>
>This inconsistency makes it unclear whether HAURI has specifically
>fixed the directory traversal issue, and in addition it mentions
>another potentially more serious issue that has likely been missed by
>most advisory readers.
>
>- Steve
