Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Symlink vulnerabilities

From: Ferenc Kovacs <tyra3l () gmail com>
Date: Sun, 6 Nov 2011 23:42:35 +0100
On Sun, Nov 6, 2011 at 11:33 PM, xD 0x41 <secn3t () gmail com> wrote:


Nice :)
I have put a post about this whole thread on www.crazycoders.com ,
will add this and props for those involved now :)
thx to you, bugs and for others who were involved, also realise that i
have now found that bzexe = bzip2 src code, so looking on
debian/ubuntu and centos, there is a bzexe or bzip2 on every box,...
luckily this issue is patched for both bzip2 and bzexe but know that
it is even still being tested now against bunzip2 , on decompressions,
but has not been done, only know that the src is same as bzip2
executable binary (linux), again, thx to everyone involved, it got
patched within a day wich is what was the aim... Ubuntu is alittle
safer ;s
cheers.
xd



did you get your bananas yet?


-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: