Bug#400624: dsniff: urlsnarf should sanitize sniffed requests

2006-12-13 Thread Hilko Bengen
Steve Langasek <[EMAIL PROTECTED]> writes:

>> Since urlsnarf is usually used on a terminal to have a look at
>> requested URLs in real-time, a malicious attacker could use
>> requests with escape sequences to execute arbitrary code.
>
> By this reasoning, cat would have a grave bug for allowing us

Bug#400624: dsniff: urlsnarf should sanitize sniffed requests

2006-12-13 Thread Steve Langasek
severity 400624 important
thanks

> Since urlsnarf is usually used on a terminal to have a look at
> requested URLs in real-time, a malicious attacker could use requests
> with escape sequences to execute arbitrary code.

By this reasoning, cat would have a grave bug for allowing users to send untr

Bug#400624: dsniff: urlsnarf should sanitize sniffed requests

2006-11-27 Thread Hilko Bengen
Package: dsniff
Version: 2.4b1+debian-15
Severity: important
Tags: patch

urlsnarf directly outputs the user name, URL, Referer-URL, and the User-Agent string of every HTTP request it sees on the wire, without any sanitizing. Since it does not escape illegal characters, HTTP requests containing non