Bug in Eupload

From: [Zero_Byte] (zero_byte@interlap.com.ar)
Date: Wed Jul 31 2002 - 01:16:44 CEST

Previous message: security@caldera.com: "Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

People,
       Hi! I found a bug in the Eupload CGI, and I written a little
       paper with the explanation, explotation and solution.
       In fact everything would be solved with making chmod "0", but in
       the 90% it is not used; reason why it is easily exploitable.

I hope they enjoy it.

P.S: I apologize for my poor English; I am Argentinean and
I don't use it very well.

Greetings
Zero_Byte mailto:zero_byte@interlap.com.ar

------------------------------------
[Zero_Byte] zerobyte@agujero.com
El Agujero Negro. Secretos en la red.
==> http://agujero.com <==
------------------------------------
http://listas.agujero.com/lista/oscuro/alta
SUSCRIBETE!

text/plain attachment: Bug_in_Eupload.txt

Previous message: security@caldera.com: "Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Jul 31 2002 - 06:32:53 CEST