Full Disclosure mailing list archives

Re: Administrivia: List Compromised due to Mailman Vulnerability


From: Steve Blass <sblass () asu edu>
Date: Wed, 09 Feb 2005 12:45:19 -0700

John Cartwright wrote:

...

Subscriber addresses and passwords have been compromised.

d'0h!

...

SLASH = '/'

def true_path(path):
    "Ensure that the path is safe by removing .."
    parts = [x for x in path.split(SLASH) if x not in ('.', '..')]
    return SLASH.join(parts)[1:]

That's an improvement, but better is to extract and validate the tail of the path to your repository and then anchor the root where it belongs.

Fully disclosing that FD was compromised was a stand-up thing to do though. Good job!

-
Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
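The approach Steve recommends, written out as an added example that is not part of the original message or of Mailman's code: validate each segment of the requested tail against an assumed naming policy, then anchor it under the archive root and confirm the resolved path still lies inside that root. The segment regex, the function names and the directory layout in the demo are assumptions for illustration.

```python
import os
import re
import tempfile

# Assumed policy for this example (not Mailman's own): an archive path is a
# slash-separated tail of plain names such as 'fd/2005-February/000001.html'.
SEGMENT_RE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9._-]*$')


def validate_tail(requested):
    """Return the cleaned relative tail, or None if any segment is unacceptable.

    Unlike stripping '.' and '..' out of the path, a bad segment rejects the
    whole request: '..', empty segments (a leading '/' or a '//') and any
    name containing characters outside the policy all yield None.
    """
    parts = requested.split('/')
    if not all(SEGMENT_RE.match(p) for p in parts):
        return None
    return '/'.join(parts)


def anchored_path(archive_root, requested):
    """Anchor the validated tail under archive_root and confirm it stays there."""
    tail = validate_tail(requested)
    if tail is None:
        return None
    root = os.path.realpath(archive_root)
    candidate = os.path.realpath(os.path.join(root, tail))
    # realpath follows symlinks, so a link inside the archive that points
    # outside it is caught here; commonpath avoids the prefix trap where
    # '/srv/archives-old' would satisfy a naive startswith('/srv/archives').
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Exercise the checks in a throwaway tree; returns a dict of outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, 'archives')
        os.makedirs(os.path.join(root, 'fd', '2005-February'))
        # Constructed hazard: a symlink inside the archive pointing above it.
        os.symlink(tmp, os.path.join(root, 'fd', 'link'))
        ok = anchored_path(root, 'fd/2005-February/000001.html')
        return {
            'normal': ok is not None and ok.startswith(os.path.realpath(root)),
            'dotdot': anchored_path(root, '../../etc/passwd'),
            'symlink': anchored_path(root, 'fd/link/secret'),
            'absolute': anchored_path(root, '/etc/passwd'),
        }
```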

