Dailydave mailing list archives
Also don't read this post!
From: dave <dave () immunityinc com>
Date: Tue, 28 Jul 2009 16:58:24 -0400
We had someone come in and interview today, and coincidentally I read this weblog post this morning:

http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html

So of course, as the "interview", he got to sit down with Bas and write it up. Our conclusion was that after 8.04, Ubuntu fixed their stack cookie and made it random (or at some point during 8.10?). The Ubuntu security team is on this list, so they can pipe in with when exactly[1], but I guess the point is this:

Assuming you're not using a Gentoo which optimizes out the default GCC protections or say, Ubuntu 8.04 (?), which does not implement proper stack cookies last time we checked, is there any real risk from this "awesome" vulnerability?

I haven't personally tested CentOS or Fedora or FreeBSD, but I have to assume they have their stack cookie done right.

-dave

[1] Also please to be fixing Java Deserialize Bug!