I think we are going to find a new era of buffer overflows, not in the daemons themselves but the user utilities that they call. Overflows in non-setuid binaries might be worth cataloging if these binaries are being called by applications that are listening to a socket. This might be a good time to be thinking about what relies on what. On Sun, 18 Nov 2001, vuln-dev wrote: > GOBBLES security is happy to announce the discovery of multiple bugs in > /bin/gzip, which can be exploited remotely with a bit of creativity. > Attached is our advisory on the matter. >
This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 21:39:10 PST