On 01/19/2012 12:05 PM, Eugene Teo wrote:
On 01/19/2012 04:43 AM, Kees Cook wrote:
What's the problem with the old logic in the mem handling? (Why does this
need a CVE?)
This is a possible local privilege escalation issue on a system with
ASLR disabled, combined with other exploitation techniques.
Detailed information can be found here,