[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Tue, 2003-12-02 at 17:31, Tom wrote:
> On Tue, Dec 02, 2003 at 11:06:44PM +0800, Isaac To wrote:
> > rather far from changing anything in the kernel memory.  Andreas is
> > definitely right that the hole doesn't look like that it is that dangerous.
> 
> It messed up your life for a couple weeks.
> 
> Jesus, it's not the end of the world, but that's the way Microsoft (used 
> to | still) thinks.
> 
> If it wasn't a big deal we wouldn't be talking about it.  It shut down 
> servers.  It's dangerous enough.
> 

Of course it is a dangerous hole. As you say that has already been
shown.

But the point was that it didn't _look_ dangerous when the bug was
discovered. Had it looked dangerous, a security update would have been
issued.

/Jens
Reply to: