oss-sec mailing list archives

Re: Buffer overflow in /bin/su from UNIX v4


From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Sun, 22 Mar 2026 03:23:59 +0000

Solar Designer <solar () openwall com> writes:

> I guess because (ir)relevance isn't among criteria for (not) assigning a CVE,
> and because there may be value in having a non-ambiguous way to refer to
> historical vulnerabilities for illustration of how the current ones fit in
> historical context.

... and because it was a bit of fun.  Not everything has to be serious, it was
nice to see the CISA folks have a sense of humour :-).

> The 2025 in this CVE is almost certainly wrong, but I understand that no one
> had the resources to figure out the year it was first discovered.

They were unable to assign a 1973 CVE so used 2025, the year it was
(re-)discovered, instead.

Peter.
