oss-sec mailing list archives
Re: Re: CVE-Request - pen issues
From: Steve Kemp <steve () steve org uk>
Date: Fri, 14 Mar 2014 06:24:34 +0000
webfile = "/tmp/webfile.html"; 2> /tmp/penctl.cgiUse CVE-2014-2387 for both issues involving files in the /tmp directory.
Thanks.
Furthermore, the example in question: sudo pen 4444 localhost:9000 -C 127.0.0.1:5043 suggests that the person is aware that "a control port" means a TCP port, not some other type of port with obvious permission-based restrictions.
Noted, thanks. It seems the author is going to migrate to a unix domain socket in the future, to ease restrictions in the future. Steve -- http://www.steve.org.uk/
Current thread:
- CVE-Request - pen issues Steve Kemp (Mar 12)
- Re: CVE-Request - pen issues cve-assign (Mar 13)
- <Possible follow-ups>
- Re: Re: CVE-Request - pen issues Steve Kemp (Mar 13)