No root-compromising security holes

To: control@bugs.debian.org, 24898@bugs.debian.org, debian-devel@lists.debian.org, jbj@image.dk
Subject: No root-compromising security holes
From: John Goerzen <jgoerzen@complete.org>
Date: 23 Jul 1998 16:41:04 -0500
Message-id: <[🔎] 87lnpkfdov.fsf@garfield.complete.org>

severity 24898 normal
quit

After a quick audit of the code, I do not believe that there are any
security holes in cfingerd that could be use to compromise root.
There are potentials for buffer-overflows.  However, none of them
involve any potentially tainted data -- they involve reading config
files and the like -- data that only root could supply to cfingerd
anyway.  Therefore, I set severity to this to normal.

Thanks,
John

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org


--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Re: Re^2: Should we ship KDE in hamm?
Next by Date: Re: RH and GNOME
Previous by thread: Re: Where is slang's source?
Next by thread: Re: No root-compromising security holes
Index(es):
- Date
- Thread