[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Vulnerability in sourceforge.net

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
From: "Dan Duplito" <danduplito@xxxxxxxxxx>
Date: Thu, 22 Jul 2004 07:36:58 +0800

> nicolas vigier <boklm@xxxxxxxxxxxxxxxx> wrote:
>
> It's not a mis-configuration, this does not allow you to look at any
> secret file, only the files that the user nobody can read.

well, user "nobody" has shell access (/bin/sh) and is allowed read access to 
/etc/passwd file and probably other system files as well.

i'm wondering if the discoverer (Alexander) already informed the authors of the 
app...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Vulnerability in sourceforge.net
  - From: Todd Towles

Prev by Date: RE: [Full-Disclosure] IE
Next by Date: [Full-Disclosure] OFF TOPIC: antisemitic troll
Previous by thread: RE: [Full-Disclosure] Vulnerability in sourceforge.net
Next by thread: RE: [Full-Disclosure] Vulnerability in sourceforge.net
Index(es):
- Date
- Thread