Bugtraq mailing list archives
RE: Directory traversal vulnerabilities in several archivers processing .tar
From: konto mailingowe <maillists () black punkt pl>
Date: 20 Dec 2002 15:36:19 +0100
On Wed, 18-12-2002, at 06:18, Andrew Kopp wrote:
I don't really think this falls into vulnerability because most software will prompt you before it overwrites any file by default. And anyone who would actually allow their own SSHd binary to be overwritten deserves to be hacked.
And what about adding files in some specific dirs? E.g. /etc/rc.boot in Debian (I mean run-parts)
And to those who extract an un-trusted archive and set the "don't prompt me" flag, you really need a lesson in 'basic' (very obvious too!) security practices. No pun intended.

Regards,
drewk~

-----Original Message-----
From: Florian Schafferhans [mailto:fs () computer-security de]
Sent: Monday, December 16, 2002 6:41 PM
To: bugtraq () securityfocus com
Subject: Directory traversal vulnerabilities in several archivers processing .tar

Subject Directory traversal vulnerabilities in several archivers processing .tar files

[ email... blah blah blah blah ]
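
An added example, not part of the original message or of any archiver discussed in the thread: a pre-extraction audit that lists tar members whose names resolve outside the extraction directory and reports whether the target already exists, since an overwrite prompt only fires when it does. The archive, the member names and the `rc.boot` stand-in directory are constructed for the demonstration; the check covers member names only, not symlink or hardlink targets.

```python
import io
import os
import tarfile
import tempfile


def build_sample_tar(names):
    """Build an in-memory tar whose members carry the given (constructed) names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def audit_tar(fileobj, dest):
    """List members that would land outside dest, without extracting anything.

    Returns (member_name, resolved_target, target_exists) tuples.
    """
    dest = os.path.realpath(dest)
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar:
            # join() discards dest when member.name is absolute, so that case is caught too
            target = os.path.realpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) != dest:
                findings.append((member.name, target, os.path.exists(target)))
    return findings


def demo():
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "extract")
        boot = os.path.join(root, "rc.boot")  # stand-in for a run-parts directory
        os.makedirs(dest)
        os.makedirs(boot)
        sample = build_sample_tar(["docs/readme.txt", "../rc.boot/S99demo"])
        return [(name, exists) for name, _target, exists in audit_tar(sample, dest)]


if __name__ == "__main__":
    for name, exists in demo():
        print(f"{name}: escapes destination, target exists={exists}")
```

A finding with `target exists=False` is a file that would be created, not overwritten, so no overwrite prompt would be shown for it.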
Current thread:
- Directory traversal vulnerabilities in several archivers processing .tar Florian Schafferhans (Dec 17)
- Re: Directory traversal vulnerabilities in several archivers processing .tar der Mouse (Dec 17)
- RE: Directory traversal vulnerabilities in several archivers processing .tar Andrew Kopp (Dec 18)
- Re: Directory traversal vulnerabilities in several archivers processing .tar Stephen Samuel (Dec 19)
- RE: Directory traversal vulnerabilities in several archivers processing .tar konto mailingowe (Dec 20)