Home page logo

bugtraq logo Bugtraq mailing list archives

Re: DJB's students release 44 *nix software vulnerability advisories
From: "milw0rm Inc." <milw0rm () gmail com>
Date: Tue, 21 Dec 2004 14:34:20 -0600

Two points.
Regarding local versus remote, look at it this way:  You have a 100%
secure system.  Then you install NASM.  Now a user FROM THE NETWORK can
send you some tainted assembly code for you to assemble and he can
compromise your account.

quote "for you to assemble"

Its a user error.  Your not remotely exploiting anything but the trust
from the user.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]