Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Wed, 16 Jul 2008 13:48:55 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: byacc


======================================================
Name: CVE-2008-3196
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3196
Reference: MLIST:[openbsd-cvs] 20080708 CVS: cvs.openbsd.org: src
Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2
Reference: MLIST:[openbsd-cvs] 20080708 Re: CVS: cvs.openbsd.org: src
Reference: URL:http://marc.info/?l=openbsd-cvs&m=121553036432044&w=2

skeleton.c in yacc does not properly handle reduction of a rule with
an empty right hand side, which allows context-dependent attackers to
cause an out-of-bounds stack access when the yacc stack pointer points
to the end of the stack.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux