dziury z 5 i 12 VIII 2002

[Michal Moskal]

On Fri, Aug 16, 2002 at 02:24:20PM +0200, Jakub Bogusz wrote:
> > 17. libc
> > 
> >     Vendor: GNU [multiple authors]
> > 
> >     A vulnerability was reported in the GNU libc runtime library,
> >     as well as several C, C++, and Ada compilers and runtime libraries.
> >     The calloc() function and other similar functions contain an
> >     integer overflow that may possibly result in a buffer overflow in a
> >     linked application.
> > 
> >     Impact: Execution of arbitrary code via local system
                                                ^^^^^
> > 
> >     Alert: http://securitytracker.com/alerts/2002/Aug/1004982.html

Ah, no tak. Jak już robią takie advisory, to powinni wiedzieć, że jeśli
to się w ogóle da wykorzystać to remote też :)

-- 
: Michal Moskal ::::: malekith/at/pld-linux.org :  GCS {C,UL}++++$ a? !tv
: PLD Linux ::::::: Wroclaw University, CS Dept :  {E-,w}-- {b++,e}>+++ h