Also don't read this post!

[dave <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We had someone come in and interview today, and coincidentally I read
this weblog post this morning:
http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html

So of course, as the "interview", he got to sit down with Bas and write
it up. Our conclusion was that after 8.04, Ubuntu fixed their stack
cookie and made it random (or at some point during 8.10?). The Ubuntu
security team is on this list, so they can pipe in with when exactly[1],
but I guess the point is this:

Assuming you're not using a Gentoo which optimizes out the default GCC
protections or say, Ubuntu 8.04 (?), which does not implement proper
stack cookies last time we checked, is there any real risk from this
"awesome" vulnerability?

I haven't personally tested CentOS or Fedora or FreeBSD, but I have to
assume they have their stack cookie done right.

- -dave
[1] Also please to be fixing Java Deserialize Bug!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpvZnAACgkQtehAhL0gherYJwCfai6VhzV4QljK9Lc9DuuMNOJr
NusAn3KwG4tTmQO5HbmL6Vs4N8r5LSYl
=g7zp
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave