
Re: GNU/Linux 'info Buffer Overflow



On Fri, Aug 06, 2004 at 11:41:12PM +0200, Niels Bakker wrote:
> /usr/bin/info is not setuid, and I can't think of any way to invoke the
> program where it would allow for privilege escalation.  Why is the
> severity "grave?" Remember that this is bugtraq, about security, not
> the Debian bug tracking system, or texinfo's gnats.

I think that the severity is overstated for Debian BTS too, IMO - and
according to Debian Policy - this should be 'normal' or 'serious' at
highest.

Alex

PS> Niels, your advertised address bounces with virtusertable errors,
I tried to send this offlist first.
-- 
0x46399138
