Full Disclosure mailing list archives
RE: Vulnerability in sourceforge.net
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 22 Jul 2004 07:49:53 -0500
Sounds like they should have configured that page a bit different...made it run under a little less access...or said I say..it is a mis-configuration. =) -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Dan Duplito Sent: Wednesday, July 21, 2004 6:37 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Vulnerability in sourceforge.net
nicolas vigier <boklm () mars-attacks org> wrote: It's not a mis-configuration, this does not allow you to look at any secret file, only the files that the user nobody can read.
well, user "nobody" has shell access (/bin/sh) and is allowed read access to /etc/passwd file and probably other system files as well. i'm wondering if the discoverer (Alexander) already informed the authors of the app... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in sourceforge.net Alexander (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Message not available
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- Re: Vulnerability in sourceforge.net Buick Sk (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- <Possible follow-ups>
- RE: Vulnerability in sourceforge.net Andrew Poodle (Jul 21)
- Re: Vulnerability in sourceforge.net Dan Duplito (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Gregory A. Gilliss (Jul 22)
- Re: Vulnerability in sourceforge.net Jedi/Sector One (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Anders B Jansson (Jul 22)
- Re: Vulnerability in sourceforge.net steve menard (Jul 22)
- Re: Vulnerability in sourceforge.net a (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net J.A. Terranson (Jul 22)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 22)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 25)