oss-sec mailing list archives
Re: update on CVE-2008-5718
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 28 Jan 2009 10:14:59 -0500 (EST)
On Wed, 28 Jan 2009, Thomas Biege wrote:
I was thinking about that case too but it might not work because we escape the space.
This would limit the impact to whatever a single command-line switch can do for whatever command is being invoked. Probably some programs accept a "-stdin" switch and thus would hang forever waiting to read input, as an example. - Steve
Current thread:
- update on CVE-2008-5718 Nico Golde (Jan 13)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 28)
- Re: update on CVE-2008-5718 Steven M. Christey (Jan 28)
- Re: update on CVE-2008-5718 Nico Golde (Jan 14)
- Re: update on CVE-2008-5718 Nico Golde (Jan 28)
- Re: update on CVE-2008-5718 Thomas Biege (Jan 14)