[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability
From: Ludwig Nussel <ludwig.nussel () suse ! de>
Date: 2010-05-19 13:28:18
Message-ID: 201005191528.18818.ludwig.nussel () suse ! de
[Download RAW message or body]
Solar Designer wrote:
> [...]
> Although I used a somewhat tricky approach in the above exploit,
> eventually making wget overwrite a file, it is also possible to mount
> attacks that do not rely on overwriting any files. Many programs
> support optional startup/config files of fixed/known/guessable names
> that a malicious or compromised server could provide. In fact, I've
> just demonstrated this attack against wget itself, but it could also
> work against another program.
>
> Is this more convincing now?
Serving dot files is a neat trick indeed, I've overlooked that
paragraph in the ocert advisory. Nevertheless I'm not convinced it's
worth changing wget's default behavior in the proposed way. So I can
understand upstream here.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic