Date: Sun, 29 Oct 2000 12:29:34 -0600 From: "Jacques A. Vidrine" <n@nectar.com> To: Roman Shterenzon <roman@xpert.com> Cc: Jeremy Norris <ishmael27@home.com>, ports@FreeBSD.ORG, security@freebsd.org Subject: Re: Remote buffer overflow in gnomeicu 0.93 Message-ID: <20001029122934.A69717@hamlet.nectar.com> In-Reply-To: <Pine.LNX.4.10.10010291958530.2096-100000@jamus.xpert.com>; from roman@xpert.com on Sun, Oct 29, 2000 at 08:00:32PM %2B0200 References: <20001029072540.A89648@babylon.merseine.nu> <Pine.LNX.4.10.10010291958530.2096-100000@jamus.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Oct 29, 2000 at 08:00:32PM +0200, Roman Shterenzon wrote: > On Sun, 29 Oct 2000, Jeremy Norris wrote: > > Gnomeicu doesn't run with any privelege however, unless one is > > foolish enough to run it as root. At worse, a deviant person could > > crash it and gain access as an unprivleged user. Is thate enough to > > make a port FORBIDDEN? > It's a serious security breach, like giving someone to login as you > without a password. That's exactly the same. Seems like a very serious > problem to me. > It's just a matter of time when the attacker will elevate her priveledges. Except that the bug in question is not a buffer overflow, and does not appear to have security consequences. I trust you have already reported the bug to the author -- when you get a reply, I would be happy to see it, too. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001029122934.A69717>