Dear [ Suresec Advisories ],

Well... one more reason not to write messages in HTML - the link points to adv6.pdf instead of adv7.pdf while the text is correct. Let readers choose the font and colors to read your message; write it in plain text.

--
~/ZARAZA
http://www.security.nnov.ru/

--Sunday, September 25, 2005, 4:34:26 PM, you wrote to [email protected]:

SA> Suresec Security Advisory - #00007
SA> 25/09/2005
SA> Mac OS X - malloc() insecure use of environment variable.
SA> Advisory: http://www.suresec.org/advisories/adv7.pdf
SA> Description:
SA> The malloc() function on Mac OS X insecurely trusts a debug
SA> variable, regardless of the fact that the calling application may be
SA> suid root.
SA> This can result in an arbitrary file being overwritten, which
SA> can be used to escalate privileges.
SA> This vulnerability was discovered by Ilja van Sprundel.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
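
The class of bug the quoted advisory describes (library code honouring a debug variable inside a suid root process) is normally closed by ignoring the environment whenever the process runs with elevated ids. The following is an added example, not code from the advisory, from Apple or from this thread; the variable name EXAMPLE_ALLOC_DEBUG_LOG and all function names are hypothetical, since the quoted text does not name the real variable.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical name: the advisory text quoted above does not name the variable. */
#define DEBUG_LOG_ENV "EXAMPLE_ALLOC_DEBUG_LOG"

/* True when real and effective ids differ, i.e. the process gained privilege
 * from a set-id bit. A pure function so the policy is testable unprivileged.
 * BSD-derived systems also offer issetugid(), which stays true even after
 * the ids are later made equal. */
int ids_are_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Return the caller-supplied log path, or NULL when it must be ignored. */
const char *trusted_debug_log_path(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (ids_are_elevated(ruid, euid, rgid, egid))
        return NULL;                 /* environment belongs to the invoking user */
    const char *path = getenv(DEBUG_LOG_ENV);
    return (path && *path) ? path : NULL;
}

/* Open the debug log with the current process ids; -1 means "logging off". */
int open_debug_log(void)
{
    const char *path = trusted_debug_log_path(getuid(), geteuid(), getgid(), getegid());
    if (path == NULL)
        return -1;
    /* O_NOFOLLOW refuses a symlink as the final path component; append, never truncate. */
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
}

int main(void)
{
    int fd = open_debug_log();
    printf("debug log %s\n", fd >= 0 ? "enabled" : "disabled");
    if (fd >= 0)
        close(fd);
    return 0;
}
```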
