[Update] Security hole in CA?!

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Xavier Mertens <xavier_at_rootshell.be>
Date: Thu, 19 Sep 2002 14:09:55 +0200 (CEST)

FYI,
Compaq support acknowledged this problem as a serious security hole!
We escaladed internally.

Regards,
Xavier

--
http://www.rootshell.be
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
On Thu, 19 Sep 2002, Xavier wrote:
> 
> Hi Gurus,
> 
> I've a box running CA (Tru64 5.1 BL17).
> I open a browser, type:
> 
> http://hostname:7902/../../../../../../etc/passwd
> 
> /etc/passwd file is downoadable!!!
> Already seen this security breach?
> 
> Xavier
> 
> --
> http://www.rootshell.be
> echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
>

Received on Thu Sep 19 2002 - 12:10:32 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT