lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200412131414.47635.dr@kyx.net>
Date: Mon, 13 Dec 2004 14:14:47 -0800
From: Dragos Ruiu <dr@....net>
To: tcpdump-workers@...ts.tcpdump.org
Cc: misc@...nbsd.org, security@...ebsd.org, bugtraq@...urityfocus.com
Subject: What's "may have exploitable buffer overflows" mean in tcpdump?


WARNING: The SMB printer may have exploitable buffer overflows!!!

That's what the ./configure script on tcpdump-current warns me about
(re SMB printer).  What exactly does this warning message mean?
If there are overflows, they should be fixed. If they are unfixed the
code should be removed.

If the problem is not identified fully, perhaps a bunch of smart people 
had better start auditing the code. If the intent of this message is to 
start getting people to look at the code then I think an advisory 
would be a better way to do this.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada	May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ