Re: Fw.: From Linux.com

From: Miguel de Icaza <miguel gnu org>
To: kenneth ripen dk
CC: gnome-devel-list gnome org, recipient list not shown: ;
Subject: Re: Fw.: From Linux.com
Date: Tue, 28 Sep 1999 16:41:26 -0500


>     Virtually any program using the GNOME libraries is vulnerable to a
> buffer overflow attack.  The attack comes in the form:
> 
> /path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer

This was:

     1. a bug in the old esound libraries, does not affect 1.0.40
     2. It was only found in Mandrake, as they shipped a setuid gnome
        app.  Which is a no=no

Miguel

References:
- Fw.: From Linux.com
  - From: Kenneth lléphaane Christiansen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]