Full Disclosure mailing list archives

-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes

From: pwicks () oxygen com
Date: Thu, 16 Mar 2006 18:37:55 +0000 (GMT)




-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes




8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Background
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
This issue had no background.
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Description
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remote exploitation of a directory traversal vulnerability in Apple iTunes could allow attackers to overwrite or view 
arbitrary files with user-supplied contents.

8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
3. Vendor Response
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
Apple iTunes has extended no identified information regarding this issue at hand.
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appendix A Vendor Information
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.apple.com/itunes/

8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appendix B References
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
RFC 6496

8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contact
8==========================D~~~~~~~~~~~~~~~~~~~~~~~~~~~
James Patterson Wicks lolville () spam la
1-888-565-9428

GSAE CCE CEH SSP-MPA GIPS GHTQ GWAS SSCP 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

-ADVISORY- * +Thu Mar 16 13:37:44 EST 2006+ * Directory Transversal in Apple iTunes pwicks (Mar 16)