Full Disclosure mailing list archives

Re: Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal


From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Tue, 23 Aug 2005 15:02:45 -0400

That is a patch for my vulnerability from 2 months ago...
http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt
http://www.digitalmunition.com/virobot_ex.pl

Hopefully you didn't miss the advisory. =]
-KF

This vendor page is titled "ViRobot Unix/Linux Server Security
Vulnerability Patch."

However, it goes on to describe a buffer overflow problem:

 1. Patch for Buffer Over Flow Vulnerability
 - Vulnerability Type
 : Buffer Over Flow

 - Introduction to Patch
 : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE


There is no mention of directory traversal.

This inconsistency makes it unclear whether HAURI has specifically
fixed the directory traversal issue, and in addition it mentions
another potentially more serious issue that has likely been missed by
most advisory readers.

- Steve
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



