Date: Fri, 29 Jan 2016 15:52:26 -0500 From: anarcat <anarcat@...ngeseeds.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: out-of-bounds write with cpio 2.11 I can't actually reproduce this on Debian, which runs 2.11 all the way back to squeeze: (gdb) run -i < ../overflow.cpio Starting program: /bin/cpio -i < ../overflow.cpio [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". /bin/cpio: Malformed number0000000 /bin/cpio: warning: skipped 8 bytes of junk /bin/cpio: Substituting `.' for empty member name /bin/cpio: . not created: newer or same age version exists /bin/cpio: premature end of file [Inferior 1 (process 191) exited with code 02] Did i miss something? a. -- The United States is a nation of laws: badly written and randomly enforced. - Frank Zappa
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.