lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2147483647.1046770142@[10.210.202.39]>
Date: Tue, 04 Mar 2003 09:29:02 -0800
From: Eric Allman <eric+bugtraq@...dmail.org>
To: bugtraq@...urityfocus.com
Subject: Re: [LSD] Technical analysis of the remote sendmail
 vulnerability


I want to emphasize one of the last sentences in this posting:
``However, we cannot exclude that there does not exist another
execution path in the sendmail code, that could lead to the program
counter overwrite.''  Please don't breath a sigh of relief because
you are running on one of the "does not crash" systems.

Besides direct execution path exploits, there are other variables
that are not pointers that have security implications; finding one of
them within range will be more difficult, but probably not impossible.

Everyone should patch as soon as possible, regardless of platform.

eric


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ