That is a patch for my vulnerability from 2 months ago...
http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt
http://www.digitalmunition.com/virobot_ex.pl

Hopefully you didn't miss the advisory. =]
-KF

This vendor page is titled "ViRobot Unix/Linux Server Security Vulnerability Patch." However, it goes on to describe a buffer overflow problem:

1. Patch for Buffer Over Flow Vulnerability
- Vulnerability Type : Buffer Over Flow
- Introduction to Patch : Vulnerability Patch for BOF(Buffer Over Flow) via HTTP_COOKIE

There is no mention of directory traversal. This inconsistency makes it unclear whether HAURI has specifically fixed the directory traversal issue, and in addition it mentions another potentially more serious issue that has likely been missed by most advisory readers.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
