[28247] in bugtraq


RE: Directory traversal vulnerabilities in several archivers processing .tar

daemon@ATHENA.MIT.EDU (Andrew Kopp)
Wed Dec 18 14:55:26 2002

From: "Andrew Kopp" <drewk@nexed.net>
To: <bugtraq@securityfocus.com>
Date: Wed, 18 Dec 2002 00:18:43 -0500
Message-ID: <001c01c2a654$ef78f2e0$0200000a@dec>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20021216234043.19566.qmail@mail.securityfocus.com>

I don't really think this falls into vulnerability because most software
will prompt you before it overwrites any file by default. And anyone who
would actually allow their own SSHd binary to be overwritten deserves
to be hacked.

And to those who extract an untrusted archive and set the "don't prompt
me" flag, you really need a lesson in 'basic' (very obvious too!)
security practices.

No pun intended.



Regards,


drewk~



-----Original Message-----
From: Florian Schafferhans [mailto:fs@computer-security.de] 
Sent: Monday, December 16, 2002 6:41 PM
To: bugtraq@securityfocus.com
Subject: Directory traversal vulnerabilities in several archivers
processing .tar



Subject

  Directory traversal vulnerabilities in several archivers processing .tar files


[ email... blah blah blah blah ]



