Security hole in CA?!

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Xavier <xavier_at_rootshell.be>
Date: Thu, 19 Sep 2002 09:30:39 +0200 (CEST)

Hi Gurus,

I've a box running CA (Tru64 5.1 BL17).
I open a browser, type:

http://hostname:7902/../../../../../../etc/passwd

/etc/passwd file is downoadable!!!
Already seen this security breach?

Xavier

--
http://www.rootshell.be
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc

Received on Thu Sep 19 2002 - 07:31:20 NZST

This message: [ Message body ]
Next message: Arrigo Triulzi: "4.0G latest patches breaks long usernames?"
Previous message: John Gormley: "kzpac single or 3 channel"
Next in thread: Xavier Mertens: "[Update] Security hole in CA?!"
Reply: Xavier Mertens: "[Update] Security hole in CA?!"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT