So you are willing to guarantee to us that this awk bug will never be exploitable by an attacker in any circumstance? Cool. Oh wait, that's totally bogus. It's this attitude that dooms most software to horrible security issues. Take a hint from OpenBSD: rather than debating whether it is exploitable or not, just fix the bug. There's a reason you don't see too many OpenBSD issues on Bugtraq (but lots and lots and lots of Linux/Windows/3rd party software ones).

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

----- Original Message -----
From: <sekureat_private>
To: "Mike Batchelder" <mikebat_private>; "'keoki'" <keokiat_private>; <vuln-devat_private>
Sent: Friday, March 15, 2002 11:39 AM
Subject: Re: Buffer overflow in awk

> Hi,
>
> In my Debian Potato r5 and Conectiva Linux 7 it worked too!
>
> But I would ask the some thing, why find a bug in awk and exploit it?
>
> 1) It isn't suid root in Linux.
> 2) It isn't used in web applications.
>
> Then, why exploit it?
>
> ps.: sorry for my poor English.
>
> cheers.
>
> [ ]'s
>