Re: ekg insecure temporary file creation and arbitrary code execution
- To: ZATAZ Audits <exploits@xxxxxxxxx>
- Subject: Re: ekg insecure temporary file creation and arbitrary code execution
- From: Adam Wysocki <gophi@xxxxxxxxx>
- Date: Wed, 6 Jul 2005 22:05:09 +0200 (CEST)
- Cc: vuldb@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, vuln@xxxxxxxxxx, moderators@xxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, xforce@xxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- In-reply-to: <42CA2DDB.5030606@xxxxxxxxx>
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
- References: <42CA2DDB.5030606@xxxxxxxxx>
05.07.05 exploits@xxxxxxxxx wrote:
> Vendor informed: yes
Hi,
What do you understand by "Vendor informed"? We haven't received any
email from you neither to private addresses nor ekg-users/ekg-devel
mailing lists. Please also note that the script you pointed at is
contributed by a third-party author and isn't part of ekg itself,
neither is installed by default.
Greetings,
Adam Wysocki
ekg team
--
Adam Wysocki * http://www.gophi.rotfl.pl/ * GG 1234 * Fido 2:480/138