On Tue, Jan 15, 2013 at 10:45 PM, Dominik Maier domen...@gmail.com wrote:
Only issue I could think of is that it could be used to escalate permissions
of an attacker to swath's user's context. Then again, the system already has
to be infiltrated to do that...
So, it's still possible to
You have already fixed it, haven't you? ;)
On Wed, Jan 16, 2013 at 3:53 PM, Theppitak Karoonboonyanan
t...@linux.thai.net wrote:
So, it's still possible to exploit by explicitly invoking swath mule mode
in some scripts or so. I think I'll fix this.
On Wed, Jan 16, 2013 at 10:55 PM, Dominik Maier domen...@gmail.com wrote:
You have already fixed it, haven't you? ;)
I mean, with Debian upload.
Regards,
--
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/
Yes, you should get the latest version to the repository.
On Wed, Jan 16, 2013 at 4:57 PM, Theppitak Karoonboonyanan
t...@linux.thai.net wrote:
On Wed, Jan 16, 2013 at 10:55 PM, Dominik Maier domen...@gmail.com
wrote:
You have already fixed it, haven't you? ;)
I mean, with Debian upload.
On Wed, Jan 16, 2013 at 11:00 PM, Dominik Maier domen...@gmail.com wrote:
Yes, you should get the latest version to the repository.
No, Wheezy is now frozen. I had better backport the patch.
Regards,
--
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/
On Tue, Jan 15, 2013 at 6:44 AM, Dominik Maier domen...@gmail.com wrote:
Buffer overflow because of strcpy with possibility to inject shellcode:
swath mule -b [More than 20 to overflow and possibly inject shellcode.]
emptyfile
problematic lines are:
char stopstr[20];
if (muleMode)
Hi,
The argument will most likely not come from untrusted sources, I guess?
So it's no severe risk.
Only issue I could think of is that it could be used to escalate
permissions of an attacker to swath's user's context. Then again, the
system already has to be infiltrated to do that...
Regards
Package: swath
Version: 0.4.0-4
Buffer overflow because of strcpy with possibility to inject shellcode:
swath mule -b [More than 20 to overflow and possibly inject shellcode.]
emptyfile
problematic lines are:
char stopstr[20];
if (muleMode)
strcpy(stopstr,wbr);
Instead, you should
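
An added example, not part of the original report and not swath's own code: a length-checked replacement for the strcpy(stopstr,wbr) copy quoted in the report, which rejects an over-long -b argument instead of writing past the 20-byte buffer. The helper name set_stopstr and the sample values are assumptions; stopstr and wbr are the names from the report.

```c
#include <stdio.h>
#include <string.h>

#define STOPSTR_SIZE 20  /* size of stopstr in the reported code */

/*
 * Hypothetical helper (not from swath): copy the word-break string into a
 * fixed-size buffer only if it fits, terminator included.
 * Returns 0 on success, -1 if the input is missing or too long.
 * On failure the destination is left untouched.
 */
static int set_stopstr(char *dst, size_t dstsize, const char *wbr)
{
    size_t len;

    if (dst == NULL || dstsize == 0 || wbr == NULL)
        return -1;

    len = strlen(wbr);          /* argv strings are NUL-terminated */
    if (len >= dstsize)         /* need room for len bytes plus '\0' */
        return -1;

    memcpy(dst, wbr, len + 1);  /* bounded copy, includes the terminator */
    return 0;
}

int main(int argc, char **argv)
{
    char stopstr[STOPSTR_SIZE];
    /* Constructed sample value; a real caller would pass the -b argument. */
    const char *wbr = (argc > 1) ? argv[1] : "|";

    /* Reported form was: strcpy(stopstr, wbr);  (no length check) */
    if (set_stopstr(stopstr, sizeof stopstr, wbr) != 0) {
        fprintf(stderr, "word break string too long (max %d bytes)\n",
                STOPSTR_SIZE - 1);
        return 1;
    }

    printf("stopstr = \"%s\"\n", stopstr);
    return 0;
}
```

Failing closed with an error is used here rather than silent truncation, so a caller or script passing an oversized value sees the rejection.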