Full Disclosure mailing list archives
-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes
From: pwicks () oxygen com
Date: Thu, 16 Mar 2006 18:37:55 +0000 (GMT)
-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Background 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ This issue had no background. 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2. Description 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remote exploitation of a directory traversal vulnerability in Apple iTunes could allow attackers to overwrite or view arbitrary files with user-supplied contents. 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. Vendor Response 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ Apple iTunes has extended no identified information regarding this issue at hand. 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ Appendix A Vendor Information 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.apple.com/itunes/ 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ Appendix B References 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ RFC 6496 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contact 8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~ James Patterson Wicks lolville () spam la 1-888-565-9428 GSAE CCE CEH SSP-MPA GIPS GHTQ GWAS SSCP _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- -ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes pwicks (Mar 16)