lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 May 2013 16:36:55 -0400
From: "Anthony G. Basile" <>
Subject: No Directory Traversal Vulnerability in sthttpd

Hi everyone,

I've gotten reports from a couple of directions now regarding Metropolis 
Hexor's directory traversal attack against thttpd 2.25b [1].  Since I'm 
maintaining sthttpd, a fork of thttpd [2], I thought I'd better let 
people know that the exploit does not affect sthttpd.  Several people 
have tried and just can't trigger it.  sthttpd has about a dozen patches 
that have accumulated over the years (one reason for the fork) and one 
of those is the fix.

Please play with the code base [3] and report problems (or better yet, 
submit patches) and I will address them issues.

I'm not on the list so please cc me.



Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists