Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> In order to exploit this vulnerability you need to force victim to run
> attacker-supplied BAT file. It's like forcing user to run
> attacker-supplied .sh script under Unix.
And oddly enough, the *very next mail* from Bugtraq said:
> FreeBSD-SA-07:10.gtar Security Advisory
> The FreeBSD Project
> Topic: gtar directory traversal vulnerability
....
> III. Impact
> An attacker who can convince a user to extract a specially crafted
> archive can overwrite arbitrary files with the permissions of the user
> running gtar. If that user is root, the attacker can overwrite any
> file on the system.
Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
user into doing something" is a valid attack vector.