Yes, the recent dhclient stack buffer overflow[1][2] used memcpy, not strcpy, making this an issue for Hardy. There is evidence that attacks were built against Ubuntu Hardy that took into account the static guard value, which would have been stopped if the value was correctly randomized.
Given that similar issues may again happen, I feel it is best to make sure this protection is fixed for Hardy.

[1] http://www.ubuntu.com/usn/usn-803-1
[2] http://www.debian.org/security/2009/dsa-1833
[3] http://lists.immunitysec.com/pipermail/dailydave/2009-July/005829.html

--
stack protector guard value uses a static sentinel
https://bugs.launchpad.net/bugs/275493
