BugTraq
GNU/Linux 'info Buffer Overflow Aug 06 2004 12:46AM
Josh Martin (skizzles gmail com) (3 replies)
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 11:09PM
Roman Werpachowski (roman student ifpan edu pl)
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 09:41PM
Niels Bakker (niels-bugtraq bakker net) (1 replies)
* skizzles (at) gmail (dot) com [email concealed] (Josh Martin) [Fri 06 Aug 2004, 20:51 CEST]:
> Package: info
> Version: 4.7-2.1
> Severity: grave
> Tags: security
> Justification: user security hole
[snip explanation of buffer overflow]

/usr/bin/info is not setuid, and I can't think of any way to invoke the
program where it would allow for privilege escalation. Why is the
severity "grave?" Remember that this is bugtraq, about security, not
the Debian bug tracking system, or texinfo's gnats.

-- Niels.

--
(please change - to = in my From: address when replying, the amount of
bounces otherwise coming back from bugtraq is of epic proportions.)

[ reply ]
Re: GNU/Linux 'info Buffer Overflow Aug 07 2004 03:31PM
Janusz A. Urbanowicz (alex syjon fantastyka net)
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 08:05PM
Valdis Kletnieks vt edu


 

Privacy Statement
Copyright 2010, SecurityFocus