| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060316081823.6EDBD1128@lists.grok.org.uk> Date: Thu Mar 16 08:27:30 2006 From: davefd at davewking.com (davefd@...ewking.com) Subject: [ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC OpenReg [ADVISORY] | +Thu Mar 16 03:18:06 EST 2006+ | Directory Transversal in ISC OpenReg ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1. BACKGROUND ++++++++++++++++++++++++++++++++++++++++++++++++++++++ This product had no background. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2. DESCRIPTION ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remote exploitation of a directory traversal vulnerability in ISC OpenReg could allow attackers to overwrite or view arbitrary files with user-supplied contents. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3. HISTORY ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2-1-2006 - Vendor Notification. 14-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4. VENDOR RESPONSE ++++++++++++++++++++++++++++++++++++++++++++++++++++++ ISC OpenReg had extended no commentary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5. CVE INFORMATION ++++++++++++++++++++++++++++++++++++++++++++++++++++++ The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-989455 to this issue ++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTACT ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Dave King davefd@...ewking.com CEH CSFA GREM SSP-CNSA SSP-MPA GIPS
Powered by blists - more mailing lists