10 Jul
2020
10 Jul
'20
09:38
On Fri, 10 Jul 2020 11:13:13 +0200 Per Jessen per@computer.org wrote:
Lew Wolfgang wrote:
On 07/09/2020 05:37 AM, Per Jessen wrote:
cagsm wrote:
Anyone know how to solve these issues?
For unpacking rar archive, we have 'unrar'. For 7zip, we have 'p7zip'
I have a customer who uses Nessus for security scans and it flags the Leap 15.x p7zip as having vulnerabilities.
What sort of vulnerabilities might there be in such a utility ?
Well it might scan the entire filesystems for poorly set permissions, drop some executable code in one such location and either execute it itself or wait for the poor mutt of the user to execute it, at which point it gains root access via a zero-day and pwns the whole machine.
Assuming we're in a TV universe, of course :)
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org