Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock

From: David Wagner (dawat_private)
Date: Wed Sep 01 1999 - 21:48:27 PDT

Next message: pbat_private: "Re: ProFTPD"

Previous message: Valdis.Kletnieksat_private: "Re: Stack Shield: defending from "stack smashing" attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <14282.6738.523996.809083at_private>,
Norbert Warmuth  <nwarmuthat_private> wrote:
> An off-by-one error, hardly to exploit especially since the value written
> is always '\0'.

Relying on that to protect you may not be prudent.  See
  http://www.geog.ubc.ca/snag/bugtraq/msg03213.html
for an example of an off-by-one error which only allowed to write a '\0'
yet was exploited in the field (!).

Next message: pbat_private: "Re: ProFTPD"
Previous message: Valdis.Kletnieksat_private: "Re: Stack Shield: defending from "stack smashing" attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:41 PDT