Vulnerability Development mailing list archives

Format Bugs Are Not Unique to UNIX


From: Crispin Cowan <crispin () WIREX COM>
Date: Sun, 10 Sep 2000 02:54:22 -0700

Stephen:  I read with interest your recent article on the new "format"
bugs
http://yahoo.cnet.com/news/0-1003-200-2719802.html?pt.yfin.cat_fin.txt.ne

I am troubled by your characterization of this as a UNIX/Linux problem.
There is no reason to believe that this problem is unique to UNIX/Linux
systems, so I went looking.  The result was that the folks at Core SDI
(whom you cite  http://www.core-sdi.com ) have actually discovered a
format bug in Windows code
http://www.core-sdi.com/advisories/pki_server_adving.htm

I'm advising you of this point so as to stop the potential propagation
of the image that only UNIX/Linux systems are vulnerable to this bug,
and to give the public warning that there is likely to be a flood of
similar vulnerabilities in Windows.

Thanks,
    Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
                Olympics:  The Corruption Games

