|
|
BugTraq
Directory traversal vulnerabilities in several archivers processing .tar Dec 16 2002 11:40PM Florian Schafferhans (fs computer-security de) (2 replies) RE: Directory traversal vulnerabilities in several archivers processing .tar Dec 18 2002 05:18AM Andrew Kopp (drewk nexed net) (2 replies) RE: Directory traversal vulnerabilities in several archivers processing .tar Dec 20 2002 02:36PM konto mailingowe (maillists black punkt pl) Re: Directory traversal vulnerabilities in several archivers processing .tar Dec 17 2002 05:54PM der Mouse (mouse Rodents Montreal QC CA) |
|
Privacy Statement |
for example, the breakins at the BSD and Sendmail sites.
Trusting directory traversal strings (absolute paths and ../) should
require an explicit request on the part of the user. Just because a
user 'should' be wary of a trojan archive doesn't mean that they
always will be.
Andrew Kopp wrote:
....
> And to those who extract an un-trusted archive and set the "don't prompt
> me" flag, you really need a lesson in 'basic' (very obvious too!)
> security practices.
--
Stephen Samuel +1(604)876-0426 samuel (at) bcgreen (dot) com [email concealed]
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
[ reply ]