Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 14 Mar 2014 06:24:34 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: oss-security@...ts.openwall.com
Cc: 
Subject: Re: Re: CVE-Request - pen issues

> > webfile = "/tmp/webfile.html";
> > 2> /tmp/penctl.cgi
> Use CVE-2014-2387 for both issues involving files in the /tmp directory.

  Thanks.

> Furthermore, the example in question:
> 
>   sudo pen 4444 localhost:9000 -C 127.0.0.1:5043
> 
> suggests that the person is aware that "a control port" means a TCP
> port, not some other type of port with obvious permission-based
> restrictions. 

  Noted, thanks.  It seems the author is going to migrate to a 
 unix domain socket in the future, to ease restrictions in the future.

Steve
-- 
http://www.steve.org.uk/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ