On 15 Jan 2002, l0rt wrote:

> Program : ddd
> OS : Linux
> DISTRO : RedHat 7.1
> Issue : 0x41414141 (no core tho)
> Home Page: http://www.gnu.org/software/ddd/
> suid : No
> sgid : No
> Issue : ddd may be called by an suid helper binary and could be
> exploited to gain local root access.

Why the hell would anyone ever want to invoke a *debugger* frontend via a setuid helper?! Anyone stupid enough to do anything like that would create multiple security holes an order of magnitude bigger than this little buffer overflow in ddd!

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 00:38:44 PST