On Thu, 2002-01-31 at 08:37, ladd harris wrote: > Testing the whois -p i also get a core dump on red > hat 7.1....tried two machines both seem effected. > whether it can be exploited i do not still need to do > more tests...... but what are you going to exploit? i found this bug a while ago, but never reported it because 1) the (newer) whois-1.0.9-1 rpm fixed the problem, and 2) whois isn't setuid. and never needs to be so at most, you're talking about executing code as yourself, which you can do without a buffer overflow. -jon -- jonat_private || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 16:32:24 PST