Re: Preparation of the next stable Debian GNU/Linux update (I)
Holger Levsen wrote:
> On Saturday 16 September 2006 08:50, Martin Schulze wrote:
> > The first one doesn't look like a real security problem.
> Please explain why you think that putting arbitrary long strings into fixed
> sized buffers is not a security problem, preferedly in the bugreport.
Please explain how an attacker can exploit this and force slapd to
put arbitrary long strings into fixed sized buffers.
Precondition: Requiring either root permissions or LDAP admin
permissions don't count.
Have you ever noticed that "General Public Licence" contains the word "Pub"?