oss-sec mailing list archives
Re: CVE id request mercurial:Insufficient input validation
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 1 Jul 2008 10:58:16 +0200
Hi Steve, * Steven M. Christey <coley () linus mitre org> [2008-06-30 21:41]:
Out of curiosity, what attack scenarios exist for this issue? If an attacker has control over the patch already, then code execution on the system already seems likely. Or is the impact mostly limited to "compile farms" and limited-access user accounts?
Yes I agree, the attack scenarios are really limited to systems/people blindly importing patches for example if received via mail. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- Re: CVE id request mercurial:Insufficient input validation Nico Golde (Jul 01)