[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Apr 2009 14:21:05 +0200
From: Andreas Bogk <andreas@...reas.org>
To: Marcus Meissner <meissner@...e.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux Kernel CIFS Vulnerability
Marcus Meissner schrieb:
>> fixing a remotely exploitable buffer overflow vulnerability in the
>> CIFS protocol.
> assuming a malicious server.
Right. And assuming you can get the user to click on a link like
smb://naked-teenage-girls-with-horses.evilhaxxx0r.com/
Unfortunately, this is a realistic attack scenario.
> Even we as Linux distributors should probably set some people up to
> study the .stable releases for such things.
I think you absolutely have to, if you want to provide professional
services to customers. As if you hadn't enough work to do already...
Andreas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists