oss-sec mailing list archives
Re: CVE request: lynx (old) .mailcap handling flaw
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 29 Oct 2008 17:22:26 +0100
Hi Tavis! On Wed, 29 Oct 2008 12:45:57 +0000 Tavis Ormandy <taviso () sdf lonestar org> wrote:
Well obviously. The attack would be convincing someone to debug an application with a testcase provided in a tarball
Correct, I should have listed that before as separate case for gdb / valgrind. But is there any good way to protect against this without crippling this feature completely?
or to debug something in a specific directory.
That should be covered by previously mentioned 2).
If you just dumped one in /tmp on a system I use and waited a few weeks, there's a strong possibility you would pwn me.
... looks like I should check whether sdf still offers free shell accounts ;).
Of course, guess who reported that ;-) (me).
Correct, again... CVE-2005-1705 http://bugs.gentoo.org/show_bug.cgi?id=88398 Note to self: Do more research before trying to teach old dog ^W^W Tavis some new ^W really really old tricks... ;) I'll shut up now... -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 25)
- Re: CVE request: lynx (old) .mailcap handling flaw Steven M. Christey (Oct 27)
- Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 27)
- Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 28)
- Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 29)
- Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 29)
- Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 28)