Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Mar 2016 02:58:22 +0100
From: Laël Cellier <>
Subject: Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)

GitHub talks about a simple memory corruption because I was unable to 
proof a ʀᴄᴇ. While I’m sure the affected variables aren’t at the end of 
allocated heap, I definitely lack the required skills to produce a proof 
for remote code execution (I can put arbitrary 
data in paths but I don’t know how to exploit a heap overflow even 
without aslr and dep). Being too lazy, I didn’t get the required mark to 
go at the university which could have taught it (I had to go at an 
another one). So I won’t write it.

If someone is interested in producing such proof … Please do it 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ