Wojciech Purczynski wrote: > This is not an integer overflow bug. do_brk() doesn't verify its arguments > at all, allowing to create arbitrarily large virtual memory mapping (vma) > consuming kernel memory.
At least this explains why it wasn't found by the Stanford checker tool. Thanks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
