"Alexey E. Suslikov" <[EMAIL PROTECTED]> writes: > binutils < 2.16-r1 are vulnerable > > http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml
So? What's the attack vector? You give a random executable to a sysadmin and ask him to not run it, but instead do a "strings" on it? And ask him to be so nice and actually do it as root? Wouldn't it be simpler to just ask him to run it if he's blind enough to not see that you're trying to do something suspicious?

I just can't imagine a common scenario where this could lead to a privilege escalation or any other problem, so I don't understand why this is published in a security advisory or why the word "vulnerable" is used.

Buggy? Of course, everyone knows that libbfd is a piece of crap. But "vulnerable"?

//art

