Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: Buffer Overflow in Super (new)

Ryan Russell (Ryan_RussellSYBASE.COM)
Fri, 26 Feb 1999 09:49:27 -0800

>In sum, items (i) and (ii) ensure that users can't create buffer overflows
>from the command line.  Item (iii) is insurance that users can't
>pass strings that might be confusing to super in some other, unanticipated
>manner.  Item (iv) avoids buffer overflows from user-supplied super.tab
>With apologies for the inconvenience to all,

If any software producers (commercial or freeware) on this list
are paying attention:

I don't think I've ever seen a better response by an author to someone
finding a hole in his/her program.

He did a review of his whole product, closed down potential holes,
did it within a very short period of time, then apologized.

Will, with a response like yours, no apology is necessary.  Thank
you for an excellent example of how to handle this type of situation.