From: Xavier Mertens (xavier@rootshell.be)
Date: Thu Sep 19 2002 - 08:09:55 EDT
FYI,
Compaq support acknowledged this problem as a serious security hole!
We escaladed internally.
Regards,
Xavier
-- http://www.rootshell.be echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc On Thu, 19 Sep 2002, Xavier wrote: > > Hi Gurus, > > I've a box running CA (Tru64 5.1 BL17). > I open a browser, type: > > http://hostname:7902/../../../../../../etc/passwd > > /etc/passwd file is downoadable!!! > Already seen this security breach? > > Xavier > > -- > http://www.rootshell.be > echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sb20293A2058554E494Csnlbxq'|dc >
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:53 EDT