Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: Ferenc Kovacs <tyra3l () gmail com>
Date: Sun, 6 Nov 2011 23:42:35 +0100
On Sun, Nov 6, 2011 at 11:33 PM, xD 0x41 <secn3t () gmail com> wrote:
Nice :) I have put a post about this whole thread on www.crazycoders.com , will add this and props for those involved now :) thx to you, bugs and for others who were involved, also realise that i have now found that bzexe = bzip2 src code, so looking on debian/ubuntu and centos, there is a bzexe or bzip2 on every box,... luckily this issue is patched for both bzip2 and bzexe but know that it is even still being tested now against bunzip2 , on decompressions, but has not been done, only know that the src is same as bzip2 executable binary (linux), again, thx to everyone involved, it got patched within a day wich is what was the aim... Ubuntu is alittle safer ;s cheers. xd
did you get your bananas yet? -- Ferenc Kovács @Tyr43l - http://tyrael.hu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Symlink vulnerabilities xD 0x41 (Nov 06)
- Re: Symlink vulnerabilities Ferenc Kovacs (Nov 06)