lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070104153454.30725.qmail@securityfocus.com> Date: 4 Jan 2007 15:34:54 -0000 From: bogdan@...ce-system.ro To: bugtraq@...urityfocus.com Subject: Re: SMS handling OpenSER remote code executing Thanks for report. I just applied an fix for both the latest stable version (1.1.0) and the development version (1.2.0). Not sure if code injection is possible as the maximum overflow is of 5 bytes, guess not long enough to encode an instruction. Regards, Bogdan