Date: Mon, 18 Sep 2017 13:18:46 -0400 From: Luciano Bello <luciano@...ian.org> To: oss-security@...ts.openwall.com Cc: team@...urity.debian.org, hosein.askari@....com Subject: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Hi there, I'm trying to reproduce this, to check the affected versions https://www.exploit-db.com/exploits/42652/ I tried in Debian Sid (4.2.6-1) and Debian Stretch (3.4.4-3) and I was not able to reproduce the issue. Specially for the later, the fact that tcprewrite exists normally is puzzling. Hosein (the PoC author) claims to make it work in 3.4.4 (on Ubuntu 16.04). Can else somebody confirm this issue? Thanks, luciano
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ