I don't really think this falls into vulnerability because most software will prompt you before it overwrites any file by default. And anyone who would actually allow their own SSHd binary to be overwritten deserves to be hacked. And to those who extract an untrusted archive and set the "don't prompt me" flag, you really need a lesson in 'basic' (very obvious too!) security practices. No pun intended.

Regards,
drewk~

-----Original Message-----
From: Florian Schafferhans [mailto:fs@computer-security.de]
Sent: Monday, December 16, 2002 6:41 PM
To: bugtraq@securityfocus.com
Subject: Directory traversal vulnerabilities in several archivers processing .tar

Subject Directory traversal vulnerabilities in several archivers processing .tar files

[ email... blah blah blah blah ]