lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 4 Aug 2003 11:33:43 -0600 (MDT)
From: Dave Ahmad <da@...urityfocus.com>
To: bugtraq@...urityfocus.com
Subject: Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)


Originally reported as affecting only WU-FTPD.  It seems that the bug
is in code borrowed from the BSD C library.  NetBSD, FreeBSD and OpenBSD
announcements attached.

David Mirza Ahmad
Symantec

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past is for the future.
We must be the winners of the memory war.
Content of type "MESSAGE/RFC822" skipped

View attachment "FreeBSD-SA-03:08.realpath" of type "TEXT/PLAIN" (12819 bytes)

View attachment "NetBSD-SA2003-011.txt.asc" of type "TEXT/PLAIN" (6334 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ