Full Disclosure mailing list archives
Re: [USN-45-1] nasm vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 23 Dec 2004 07:53:06 +0100
Hi Todd! Todd Towles [2004-12-22 14:26 -0600]:
So now, I just need to trick a user into running a malicious source file that I assembed and sent him, this makes it much harder.
Although I understand the irony in this, I still think that this is an important issue. Running unknown programs _is_ a different thing than merely compiling/assembling something. For example, Debian's and Ubuntu's autobuilders compile and assemble code all the day, but the compiled code is not actually ran there. The key difference is just that by _running_ a program I expect it to do something, whereas when I _assemble_ a source file, I do not expect it to have any side effects (no system modification apart from writing the output file.
-----Original Message----- From: full-disclosure-bounces () lists netsys com [mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Martin Pitt Sent: Wednesday, December 22, 2004 4:53 AM To: ubuntu-security-announce () lists ubuntu com Cc: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: [Full-disclosure] [USN-45-1] nasm vulnerability =========================================================== Ubuntu Security Notice USN-45-1 December 22, 2004 nasm vulnerability CAN-2004-1287 =========================================================== [...]
Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [USN-45-1] nasm vulnerability Martin Pitt (Dec 22)
- <Possible follow-ups>
- RE: [USN-45-1] nasm vulnerability Todd Towles (Dec 22)
- Re: [USN-45-1] nasm vulnerability Martin Pitt (Dec 24)
- Re: [USN-45-1] nasm vulnerability Devdas Bhagat (Dec 24)