funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Confusion Flaw?

From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 24 Jan 2012 18:04:13 -0500
From USN-1263-2 (http://www.ubuntu.com/usn/usn-1263-2/):


    It was discovered that a type confusion flaw existed in the in
    the Internet Inter-Orb Protocol (IIOP) deserialization code. A
    remote attacker could use this to cause an untrusted application
    or applet to execute arbitrary code by deserializing malicious
    input. (CVE-2011-3521)

I give - what is a confusion flaw?

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: