Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Tue, 27 Jan 2009 09:41:47 +0100
From: Miklos Vajna <vmiklos@...galware.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request -- Linux kernel irda driver buffer
	overflow

On Tue, Jan 27, 2009 at 07:46:27AM +0000, Mark J Cox <mjc@...hat.com> wrote:
> This doesn't seem to have any security implications; it's a single null 
> byte overflow that happens all the time (not under control of an 
> attacker), and from looking at the function that null byte isn't going to 
> overwrite anything that would lead to a security consequence.
> 
> So it looks to me like a bug, no CVE.

Hrm, OK.

Thanks for the correction.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux