Security hole in httpd?
ldoolitt at recycle.lbl.gov
ldoolitt at recycle.lbl.gov
Tue Nov 7 14:04:21 PST 2006
On Tue, Nov 07, 2006 at 05:12:20PM -0500, Rich Felker wrote:
> On Tue, Nov 07, 2006 at 01:28:33PM -0500, Rob Landley wrote:
> > Somebody on IRC was a bit concerned about the security hole in httpd:
> > http://bugs.busybox.net/view.php?id=1008
>
> While this is a stupid vuln that should never have been introduced to
> begin with, the severity is..... well if you have passwords stored in
> a world-readable file and expect any degree of security you're fooling
> yourself. :)
My take on this subject, dating from over seven years ago:
http://archive.cert.uni-stuttgart.de/archive/bugtraq/1999/04/msg00121.html
- Larry
More information about the busybox
mailing list