oss-sec mailing list archives
Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 19 May 2010 15:28:18 +0200
Solar Designer wrote:
[...] Although I used a somewhat tricky approach in the above exploit, eventually making wget overwrite a file, it is also possible to mount attacks that do not rely on overwriting any files. Many programs support optional startup/config files of fixed/known/guessable names that a malicious or compromised server could provide. In fact, I've just demonstrated this attack against wget itself, but it could also work against another program. Is this more convincing now?
Serving dot files is a neat trick indeed, I've overlooked that paragraph in the ocert advisory. Nevertheless I'm not convinced it's worth changing wget's default behavior in the proposed way. So I can understand upstream here. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- [oCERT-2010-001] multiple http client unexpected download filename vulnerability Daniele Bianco (May 17)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Florian Weimer (May 17)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Ludwig Nussel (May 18)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Solar Designer (May 18)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Ludwig Nussel (May 19)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Solar Designer (May 19)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Vincent Danen (Jun 10)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Solar Designer (May 20)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Solar Designer (May 20)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Ludwig Nussel (May 18)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Florian Weimer (May 17)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Steven M. Christey (Jun 09)