Vulnerability Development
mailing list archives
Killing Thread (New bugs discovered!)
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 19 Nov 2001 14:21:17 -0800
OK, I think we've had enough check-in on this one. Clearly, there is
a problem with the older version of gzip, which Slackware is still
shipping. It looks like patches are widely used elsewhere, whether
they're official or not. A couple of people chimed in that a Solaris
box or two gave the segfault, including Solaris 8. I'd like to see
one or two posts on that indicating whether that was from the Sun
additional software CD, or from sunfreeware, or self-compiled or what.
I.e. if Sun is shipping the bad version, I want that documented.

People often send messages (which I rarely approve) about why we're
having a discussion about something that isn't setuid/setgid. The
original poster outlines one scenario. There are others. I'm not opposed
to allowing the occasional discussion about these kinds of bugs, especially
if it's a common util.

So, except for the Sun question above, or if someone writes an "exploit"
for this, or if someone wants to contribute another scenario where extra
privs can be gained, I'll close this thread.

BB