Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 01 Sep 2008 10:05:31 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: GNU ed heap overflow

* Tavis Ormandy:

> If you can specify an arbitrary filename, can't you execute commands
> anyway?
>
> $ ed '!ls>&2'
> bin   dev  home  lost+found  misc  net  proc  sbin     srv  tmp  var
> boot  etc  lib   media       mnt   opt  root  selinux  sys  usr
> 0

Interesting.  But this type of command execution is not possible with
"red", which suffers from the same overflow.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ