oss-sec mailing list archives

Re: CVE request: lynx (old) .mailcap handling flaw


From: Tomas Hoger <thoger () redhat com>
Date: Wed, 29 Oct 2008 17:22:26 +0100

Hi Tavis!

On Wed, 29 Oct 2008 12:45:57 +0000 Tavis Ormandy
<taviso () sdf lonestar org> wrote:

> Well obviously. The attack would be convincing someone to debug an
> application with a testcase provided in a tarball

Correct, I should have listed that before as a separate case for gdb /
valgrind.  But is there any good way to protect against this without
crippling this feature completely?

> or to debug something in a specific directory.

That should be covered by previously mentioned 2).

> If you just dumped one in /tmp on a system I use and waited a few
> weeks, there's a strong possibility you would pwn me.

... looks like I should check whether sdf still offers free shell
accounts ;).

> Of course, guess who reported that ;-) (me).

Correct, again... CVE-2005-1705
  http://bugs.gentoo.org/show_bug.cgi?id=88398

Note to self: Do more research before trying to teach old dog ^W^W
Tavis some new ^W really really old tricks... ;)

I'll shut up now...

-- 
Tomas Hoger / Red Hat Security Response Team

