[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /
From: |
Marc Heuse |
Subject: |
lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd) |
Date: |
Wed, 1 Sep 1999 23:13:01 +0200 (MEST) |
Hi,
this vulnerability was found some weeks ago ... when ( - if - ) will be an
security update available? thanks for your time.
------------------
lynx and telnet://
------------------
Compromise: remote messing with files, maybe more?
Lynx has a problem coming from calling external programs to handle
protocols like telnet://. Example: attempt of viewing 'telnet://-n.rhosts'
URL will result in empty, new and shiny .rhosts file. Unfortunately, as
telnet client has session logging off by default, no idea how to put
something there?
Greets,
Marc
--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
address@hidden: address@hidden Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
- lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd),
Marc Heuse <=