RE: Directory traversal vulnerabilities in several archivers processing .tar

In a message of Wed, 18-12-2002, 06:18, Andrew Kopp writes:
> I don't really think this falls into vulnerability because most software
> will prompt you before it overwrites any file by default. And if anyone
> would actually allow their own SSHd binary to be overwritten deserves
> to be hacked.

And what about adding files in some specific dirs? E.g. /etc/rc.boot in
Debian (I mean run-parts).

> 
> And to those who extract an un-trusted archive and set the "don't prompt
> me" flag, you really need a lesson in 'basic' (very obvious too!)
> security practices.
> 
> No pun intended.
> 
> 
> 
> Regards,
> 
> 
> drewk~
> 
> 
> 
> -----Original Message-----
> From: Florian Schafferhans [mailto:fs@computer-security.de] 
> Sent: Monday, December 16, 2002 6:41 PM
> To: bugtraq@securityfocus.com
> Subject: Directory traversal vulnerabilities in several archivers
> processing .tar
> 
> 
> 
> Subject
> 
>   Directory traversal vulnerabilities in several archivers processing .tar files
> 
> 
> [ email... blah blah blah blah ]
> 
> 
> 
> 
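
The point raised in the reply above, as an added example that is not part of the original thread: a pre-extraction audit showing that an overwrite prompt never fires for a member that escapes the destination and lands on a path that does not exist yet. The archive contents, member names and function names are constructed for illustration; only member names are checked, link members are out of scope.

```python
import io
import os
import tarfile
import tempfile


def build_sample_archive():
    """Constructed sample: ordinary member, overwriting member, escaping member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "docs/existing.txt", "../rc.boot/added"):
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def audit_members(fileobj, dest):
    """Inspect member names without extracting anything.

    Returns (name, escapes_dest, would_prompt) per member, where would_prompt
    models an archiver that asks only before overwriting an existing file.
    """
    dest_real = os.path.realpath(dest)
    results = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar.getmembers():
            # An absolute member name replaces dest entirely in os.path.join.
            target = os.path.realpath(os.path.join(dest_real, member.name))
            escapes = os.path.commonpath([dest_real, target]) != dest_real
            would_prompt = os.path.lexists(target)
            results.append((member.name, escapes, would_prompt))
    return results


def demo():
    """Audit the constructed archive against a scratch destination directory."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "extract")
        os.makedirs(os.path.join(dest, "docs"))
        with open(os.path.join(dest, "docs", "existing.txt"), "w") as fh:
            fh.write("old\n")
        return audit_members(build_sample_archive(), dest)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A safe extractor rejects every member with escapes_dest set, whether or not a prompt would have appeared.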



