Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 18 Sep 2017 13:18:46 -0400
From: Luciano Bello <luciano@...ian.org>
To: oss-security@...ts.openwall.com
Cc: team@...urity.debian.org, hosein.askari@....com
Subject: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow

Hi there,
     I'm trying to reproduce this, to check the affected versions
https://www.exploit-db.com/exploits/42652/
     I tried in Debian Sid (4.2.6-1) and Debian Stretch (3.4.4-3) and I
was not able to reproduce the issue. Specially for the later, the fact
that tcprewrite exists normally is puzzling. Hosein (the PoC author)
claims to make it work in 3.4.4 (on Ubuntu 16.04).

Can else somebody confirm this issue?

Thanks, luciano

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ