Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Jan 2015 16:00:36 -0800
From: Qualys Security Advisory <qsa@...lys.com>
To: endrazine <endrazine@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc
 (CVE-2015-0235)

On Tue, Jan 27, 2015 at 02:03:10PM -0800, endrazine wrote:
> There is an obvious stack overflow in Qualys' GHOST.c poc : the name buffer
> is 10 bytes long and 900+ bytes of data are copied to it. This is

???

-- 
QSA

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ