Open Source and information security mailing list archives
 
Message-ID: <20040807153111.GB24390@syjon.fantastyka.net>
Date: Sat, 7 Aug 2004 17:31:11 +0200
From: "Janusz A. Urbanowicz" <alex@...on.fantastyka.net>
To: bugtraq@...urityfocus.com
Subject: Re: GNU/Linux 'info Buffer Overflow

On Fri, Aug 06, 2004 at 11:41:12PM +0200, Niels Bakker wrote:
> /usr/bin/info is not setuid, and I can't think of any way to invoke the
> program where it would allow for privilege escalation.  Why is the
> severity "grave?" Remember that this is bugtraq, about security, not
> the Debian bug tracking system, or texinfo's gnats.

I think that the severity is overstated for Debian BTS too, IMO - and
according to Debian Policy - this should be 'normal' or 'serious' at
highest.

Alex

PS> Niels, your advertised address bounces with virtusertable errors,
I tried to send this offlist first.
-- 
0x46399138
