lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAFANWtXgOk1oiYYOmbDSe+=CTj_f4zx+Z19XzQr+n3n0DF1PSw@mail.gmail.com>
Date: Tue, 13 Mar 2012 18:30:50 -0400
From: Darius Jahandarie <djahandarie@...il.com>
To: Marcus Meissner <meissner@...e.de>
Cc: full-disclosure@...ts.grok.org.uk,
	Christophe Alladoum <Christophe.Alladoum@....fr>
Subject: Re: [iputils] Integer overflow in iputils
 ping/ping6 tools

On Tue, Mar 13, 2012 at 18:17, Marcus Meissner <meissner@...e.de> wrote:
> How is this different from writing a fork bomb?

I could imagine applications which accept ping interval and do not
filter it. That's a class of application which would not be affected
by a fork bomb (since they do not allow execution of arbitrary
commands), but would be affect by this (as long as the user is allowed
to alter the ping interval).

But yes, it seems like a fairly small affected class of applications.
Fun hole though, and no sense in leaving it unpatched.

-- 
Darius Jahandarie

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ