Full Disclosure mailing list archives

Re: rPSA-2007-0011-1 wget

From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 25 Jan 2007 11:55:11 -0600 (CST)



        [SNIP]


Description:
    Previous versions of the wget package can crash if they contact a
    malicious FTP server.  No further vulnerability is enabled by this
    minor flaw; system security is not threatened in any way.



Which might well be a good thing eh?  Afterall, if the site is malicious,
better the app die and dump then allow one to prceed to inflict harm upon
ones self?


Thanks,


Ron DuFresne
-- 
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

rPSA-2007-0011-1 wget rPath Update Announcements (Jan 23)
- Re: rPSA-2007-0011-1 wget Ron DuFresne (Jan 25)