Date: Mon, 6 Oct 2008 17:39:43 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: data-destroiny malfunction: is that a "security" issue

Hi Hanno,
* Hanno Böck <hanno@...eck.de> [2008-10-06 17:23]:
> Today some question arose in my mind.
> 
> Preface: I found a bug in obexftp. It has some option -G, which will download 
> a file and afterwards delete it. The problem is, it'll do the second step 
> even if the first failed. So if you have some connection problem on step 1, 
> your file will be gone.
> 
> In my case, as it's the internal memory of a mobile phone, it's probably 
> pretty much impossible to restore without some professional data rescue lab.
> 
> 
> Now, my question: Is this a security issue? Does it deserve a CVE?
[...] 
As this is nothing that can be triggered by an attacker, I 
think it's rather a normal application bug or, if not a bug, 
behaviour that should be documented.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
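
Added example, not part of the original thread and not obexftp's code: a download-then-delete operation of the kind reported above, once with the remote delete running unconditionally and once gated on a complete transfer. The `remote` struct and the `remote_get`, `remote_delete`, `move_unchecked` and `move_checked` functions are hypothetical stand-ins for the device and the transfer, with constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stand-in for the phone; not obexftp's real API. */
struct remote {
    const char *data;   /* file contents on the device */
    size_t size;        /* size the device reports for the file */
    int present;        /* 1 while the file still exists remotely */
    size_t link_budget; /* bytes the link delivers before dropping */
};

/* Hypothetical GET: returns bytes received, or -1 if nothing arrived. */
static long remote_get(const struct remote *r, char *buf, size_t cap) {
    size_t n = r->size < r->link_budget ? r->size : r->link_budget;
    if (!r->present || n == 0 || n > cap) return -1;
    memcpy(buf, r->data, n);
    return (long)n;
}

/* Hypothetical DELETE: a short command that still succeeds on a flaky link. */
static int remote_delete(struct remote *r) { r->present = 0; return 0; }

/* Behaviour described in the report: step 2 runs whatever step 1 returned. */
static int move_unchecked(struct remote *r, char *buf, size_t cap) {
    remote_get(r, buf, cap);
    return remote_delete(r);
}

/* Delete only after a complete copy is in hand. A real tool would also
 * flush the local file to stable storage before this point. */
static int move_checked(struct remote *r, char *buf, size_t cap) {
    long got = remote_get(r, buf, cap);
    if (got < 0 || (size_t)got != r->size) return -1; /* failed or truncated */
    return remote_delete(r);
}

int main(void) {
    char buf[64];
    struct remote a = { "contacts-db", 11, 1, 4 }; /* link drops after 4 bytes */
    struct remote b = a;
    move_unchecked(&a, buf, sizeof buf);
    int rc = move_checked(&b, buf, sizeof buf);
    printf("unchecked: remote present=%d\n", a.present);
    printf("checked:   rc=%d remote present=%d\n", rc, b.present);
    return 0;
}
```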
