|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: binutils buffer overflow
From: Artur Grabowski (art
blahonga.org)
Date: Thu Jun 02 2005 - 06:20:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Alexey E. Suslikov" <crueltexnika.com.ua> writes:
> binutils < 2.16-r1 are vulnerable
>
> http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml
So?
What's the attack vector? You give a random executable to a sysadmin
and ask him to not run it, but instead do a "strings" on it? And ask
him to be so nice and actually do it as root? Wouldn't it be simpler
to just ask him to run it if he's blind enough to not see that you're
trying to do something suspicious?
I just can't imagine a common scenario where this could lead to a
privilege escalation or any other problem, so I don't understand why
this is published in a security advisory or why the word "vulnerable"
is used. Buggy? Of course, everyone know that libbfd is a piece of
crap. But "vulnerable"?
//art
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]