Date: Wed, 29 Oct 2008 17:22:26 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: taviso@....lonestar.org, coley@...re.org
Subject: Re: CVE request: lynx (old) .mailcap handling flaw

Hi Tavis!

On Wed, 29 Oct 2008 12:45:57 +0000 Tavis Ormandy
<taviso@....lonestar.org> wrote:

> Well obviously. The attack would be convincing someone to debug an
> application with a testcase provided in a tarball

Correct, I should have listed that before as a separate case for gdb /
valgrind.  But is there any good way to protect against this without
crippling this feature completely?

> or to debug something in a specific directory.

That should be covered by previously mentioned 2).

> If you just dumped one in /tmp on a system I use and waited a few
> weeks, there's a strong possibility you would pwn me.

... looks like I should check whether sdf still offers free shell
accounts ;).

> Of course, guess who reported that ;-) (me).

Correct, again... CVE-2005-1705
  http://bugs.gentoo.org/show_bug.cgi?id=88398

Note to self: Do more research before trying to teach old dog ^W^W
Tavis some new ^W really really old tricks... ;)

I'll shut up now...

-- 
Tomas Hoger / Red Hat Security Response Team
