-----Original Message-----
From: Gossi The Dog <[EMAIL PROTECTED]>
Date: 03 March 2001 19:32
Subject: [cobalt-security] /usr/bin/Mail buffer overflow
>Theres a buffer overflow on all Cobalt RaQs, most probably other Cobalt
>products also, in /usr/bin/Mail.
Given that all this achieves is crashing a program that runs under your own
user ID, where is the security risk?
Buffer overflows may allow you to execute arbritrary code, but as the
program runs as yourself (it is not setuid), you still can't run code as
another user, so it's not really much of an "exploit" is it?
Cheers
Stephen
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
