Vulnerability Development mailing list archives

Re: Buffer overflow in awk


From: "Kurt Seifried" <bugtraq () seifried org>
Date: Fri, 15 Mar 2002 14:49:27 -0700

So you are willing to guarantee to us that this awk bug will never be
exploitable by an attacker in any circumstance? Cool. Oh wait, that's
totally bogus.

It's this attitude that dooms most software to horrible security issues.
Take a hint from OpenBSD, rather than debating whether it is exploitable or
not just fix the bug. There's a reason you don't see too many OpenBSD issues
on Bugtraq (but lots and lots and lots of Linux/Windows/3rd party software
ones).

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

----- Original Message -----
From: <sekure () hadrion com br>
To: "Mike Batchelder" <mikeb () counterpane com>; "'keoki'" <keoki () techie com>;
<vuln-dev () securityfocus com>
Sent: Friday, March 15, 2002 11:39 AM
Subject: Re: Buffer overflow in awk


Hi,

In my Debian Potato r5 and Conectiva Linux 7 it worked too!

But I would ask the same thing, why find a bug in awk and exploit it?

1) It isn't suid root in Linux.
2) It isn't used in web applications.

Then, why exploit it?

P.S.: sorry for my poor English.

cheers.

[ ]'s


