>>>>> "christian" == christian void <[EMAIL PROTECTED]> writes:
christian> lprng has a vulnerability involving string formats for
christian> syslog. this type of vulnerability is a very tricky
christian> stack overflow. the multiple connections were probably
christian> the attacker looking for the offset into the stack that
christian> would allow them to overwrite the stack's return
christian> pointer.
The lprng string format vulnerability hat I came across while
researching this http://www.ciac.org/ciac/bulletins/l-025.shtml was
patched (as far as I can see) by redhat as of version 7.0 with
http://www.redhat.com/support/errata/RHSA-2000-065-06.html. Is there
a new one out, or was the fix not a fix, or what?
Thanks,
John Hunter
_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
