Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: CVE-Request - pen issues
From: Steve Kemp <steve () steve org uk>
Date: Fri, 14 Mar 2014 06:24:34 +0000

webfile = "/tmp/webfile.html";
2> /tmp/penctl.cgi
Use CVE-2014-2387 for both issues involving files in the /tmp directory.

  Thanks.

Furthermore, the example in question:

  sudo pen 4444 localhost:9000 -C 127.0.0.1:5043

suggests that the person is aware that "a control port" means a TCP
port, not some other type of port with obvious permission-based
restrictions. 

  Noted, thanks.  It seems the author is going to migrate to a 
 unix domain socket in the future, to ease restrictions in the future.

Steve
-- 
http://www.steve.org.uk/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault