| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: core at bokeoa.com (Charles 'core' Stevenson) Subject: Sharutils buggy? That's just plan evil Peter! ;) peace, core Peter Bieringer wrote: > > --On Tuesday, July 16, 2002 01:24:30 AM +0200 martin f krafft > <madduck@...duck.net> wrote: > > >>I'd like to get some educated thoughts and opinions on a recently >>found potential bug: >> >> http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-037 >> http://online.securityfocus.com/bid/4742 >> http://www.aerasec.de/security/index.html?lang=en&id=ae-200205-049 >> http://www.aerasec.de/security/index.html?lang=en&id=ae-200204-033 >> http://bugs.debian.org/149454 >> http://www.kb.cert.org/vuls/id/336083 > > > One additial memo: > > The original advisory and afaik the fixed version from RHL still not > metioned that devices also are candidates for overwriting. > > Think about > > begin 666 /dev/hda > ... > > > Peter > > _______________________________________________ > Full-Disclosure - We believe in it. > Full-Disclosure@...ts.netsys.com > http://lists.netsys.com/mailman/listinfo/full-disclosure > >
Powered by blists - more mailing lists