Date: Tue, 9 Apr 2002 06:11:22 -0700 (PDT) From: X Philius <xphilius@yahoo.com> To: Peter Pentchev <roam@ringlet.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: zlib double-free security notification Message-ID: <20020409131122.2511.qmail@web11807.mail.yahoo.com> In-Reply-To: <20020409095832.A3374@straylight.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter, Well, honestly, it is the "execute arbitrary code" warnings that I am really worried about. I run a web server for educational purposes more than anything else (ie there are no CC numbers or really anything else private on the whole machine). I want to make damn sure I don't get cracked and have my server used as a launch pad for some other nefarious task, but if someone crashes my ShoutCast server or Apache it's no big loss ;-) Anyone know of any scripts in the wild that take advantage of this hole? Jason > > "Simple DoS issues" might result in killing a server you do not want > killed, thus (theoretically) denying access to important services > and maybe the machine itself. In truth, right now I cannot remember > if there were any such announced vulnerabilities that could result > in killing off a whole service, but.. better safe than sorry, I'd > say.. > > G'luck, > Peter > > -- > Peter Pentchev roam@ringlet.net roam@FreeBSD.org > PGP key: http://people.FreeBSD.org/~roam/roam.key.asc > Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 > I am not the subject of this sentence. > > ATTACHMENT part 2 application/pgp-signature __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409131122.2511.qmail>