Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Sharutils buggy?
From: full-disclosure () lists netsys com (Charles 'core' Stevenson)
Date: Tue, 16 Jul 2002 05:00:56 -0600

That's just plan evil Peter! ;)

peace,
core

Peter Bieringer wrote:

--On Tuesday, July 16, 2002 01:24:30 AM +0200 martin f krafft
<madduck () madduck net> wrote:


I'd like to get some educated thoughts and opinions on a recently
found potential bug:

 http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037
 http://online.securityfocus.com/bid/4742
 http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049
 http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033
 http://bugs.debian.org/149454
 http://www.kb.cert.org/vuls/id/336083


One additial memo:

The original advisory and afaik the fixed version from RHL still not
metioned that devices also are candidates for overwriting.

Think about

begin 666 /dev/hda
...


        Peter

_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure () lists netsys com
http://lists.netsys.com/mailman/listinfo/full-disclosure






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]