List:       oss-security
Subject:    Re: [oss-security] CVE request: lynx (old) .mailcap handling flaw
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2008-10-29 16:22:26
Message-ID: 20081029172226.5f460084 () redhat ! com

Hi Tavis!

On Wed, 29 Oct 2008 12:45:57 +0000 Tavis Ormandy
<taviso@sdf.lonestar.org> wrote:

> Well obviously. The attack would be convincing someone to debug an
> application with a testcase provided in a tarball

Correct, I should have listed that before as a separate case for gdb /
valgrind.  But is there any good way to protect against this without
crippling this feature completely?

> or to debug something in a specific directory.

That should be covered by previously mentioned 2).

> If you just dumped one in /tmp on a system I use and waited a few
> weeks, there's a strong possibility you would pwn me.

... looks like I should check whether sdf still offers free shell
accounts ;).

> Of course, guess who reported that ;-) (me).

Correct, again... CVE-2005-1705
  http://bugs.gentoo.org/show_bug.cgi?id=88398

Note to self: Do more research before trying to teach old dog ^W^W
Tavis some new ^W really really old tricks... ;)

I'll shut up now...

-- 
Tomas Hoger / Red Hat Security Response Team