Vulnerability Development mailing list archives
Killing Thread (New bugs discovered!)
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 19 Nov 2001 14:21:17 -0800
OK, I think we've had enough check-in on this one. Clearly, there is a problem with the older version of gzip, which Slackware is still shipping. It looks like patches are widely used elsewhere, whether they're official or not. A couple of people chimed in that a Solaris box or two gave the segfault, including Solaris 8. I'd like to see one or two posts on that indicating whether that was from the Sun additional software CD, or from sunfreeware, or self-compiled or what. I.e. if Sun is shipping the bad version, I want that documented. People often send messages (which I rarely approve) about why we're having a discussion about something that isn't setuid/setgid. The original poster outlines one scenario. There are others. I'm not opposed to allowing the occasion discussion about these kinds of bugs, especially if it's a common util. So, except for the Sun question above, or if someone writes an "exploit" for this, or if someone wants to contribute another scenarion where extra privs can be gained, I'll close this thread. BB
Current thread:
- Killing Thread (New bugs discovered!) Blue Boar (Nov 19)
- Re: Killing Thread (New bugs discovered!) Claes Nyberg (Nov 19)