On Thu, 2007-11-29 at 23:19 +0100, Valdis.Kletnieks@xxxxxx wrote:
> On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> > In order to exploit this vulnerability you need to force victim to run
> > attacker-supplied BAT file. It's like forcing user to run
> > attacker-supplied .sh script under Unix.
>
> And oddly enough, the *very next mail* from Bugtraq said:
>
> > FreeBSD-SA-07:10.gtar Security Advisory
> > The FreeBSD Project
> >
> > Topic: gtar directory traversal vulnerability
> ...
> > III. Impact
> >
> > An attacker who can convince an user to extract a specially crafted
> > archive can overwrite arbitrary files with the permissions of the user
> > running gtar. If that user is root, the attacker can overwrite any
> > file on the system.
>
> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
> user into doing something" is a valid attack vector.

Considering most tar versions have specific protections to avoid this
very problem (namely, tar extracting a file outside of the directory
hierarchy where it is executed), then yes, it is a problem. Even if you
happen to think the root cause of all computing evil is what is between
the chair and the keyboard, trojans are a valid attack vector.

--
Vincent ARCHER
Email: archer@xxxxxxxxx

All men are mortal. Socrates was mortal. Therefore, all men are Socrates.
(Woody Allen)
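
Added example, not part of the original mail and not GNU tar's own code: a pre-extraction check in Python's standard tarfile module for the protection mentioned above, flagging members that would land outside the extraction directory. It goes beyond the ".." case by also checking absolute names and link targets; the function names, the sample archive and the destination path are constructed for illustration.

```python
import io
import os
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample: one benign member, three that escape the target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../etc/cron.d/job", "/etc/passwd"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        # A symlink stored inside the tree whose target points out of it.
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


def escapes(dest: str, path: str) -> bool:
    """True if path, resolved relative to dest, lands outside dest."""
    root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) != root


def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of members that must not be extracted into dest."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if escapes(dest, member.name):
                bad.append(member.name)
            elif member.issym() or member.islnk():
                # Symlink targets are relative to the link's own directory,
                # hard link targets to the archive root.
                base = os.path.dirname(member.name) if member.issym() else ""
                if escapes(dest, os.path.join(base, member.linkname)):
                    bad.append(member.name)
    return bad


if __name__ == "__main__":
    for name in unsafe_members(build_sample_archive(), "/tmp/extract-here"):
        print("refusing to extract:", name)
```

An extractor would run the check over the whole archive and refuse it, or skip the flagged members, before writing anything to disk.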