Date: Fri, 14 Mar 2014 06:24:34 +0000 From: Steve Kemp <steve@...ve.org.uk> To: oss-security@...ts.openwall.com Cc: Subject: Re: Re: CVE-Request - pen issues > > webfile = "/tmp/webfile.html"; > > 2> /tmp/penctl.cgi > Use CVE-2014-2387 for both issues involving files in the /tmp directory. Thanks. > Furthermore, the example in question: > > sudo pen 4444 localhost:9000 -C 127.0.0.1:5043 > > suggests that the person is aware that "a control port" means a TCP > port, not some other type of port with obvious permission-based > restrictions. Noted, thanks. It seems the author is going to migrate to a unix domain socket in the future, to ease restrictions in the future. Steve -- http://www.steve.org.uk/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ