BugTraq
GNU/Linux 'info Buffer Overflow Aug 06 2004 12:46AM
Josh Martin (skizzles gmail com) (3 replies)
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 11:09PM
Roman Werpachowski (roman student ifpan edu pl)
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 09:41PM
Niels Bakker (niels-bugtraq bakker net) (1 replies)
Re: GNU/Linux 'info Buffer Overflow Aug 07 2004 03:31PM
Janusz A. Urbanowicz (alex syjon fantastyka net)
On Fri, Aug 06, 2004 at 11:41:12PM +0200, Niels Bakker wrote:
> /usr/bin/info is not setuid, and I can't think of any way to invoke the
> program where it would allow for privilege escalation. Why is the
> severity "grave?" Remember that this is bugtraq, about security, not
> the Debian bug tracking system, or texinfo's gnats.

I think that the severity is overstated for Debian BTS too, IMO - and
according to Debian Policy - this should be 'normal' or 'serious' at
highest.

Alex

PS> Niels, your advertised address bounces with virtusertable errors,
I tried to send this offlist first.
--
0x46399138

[ reply ]
Re: GNU/Linux 'info Buffer Overflow Aug 06 2004 08:05PM
Valdis Kletnieks vt edu


 

Privacy Statement
Copyright 2010, SecurityFocus