Re: Preparation of the next stable Debian GNU/Linux update (I)

To: Holger Levsen <debian@layer-acht.org>
Cc: debian-release@lists.debian.org
Subject: Re: Preparation of the next stable Debian GNU/Linux update (I)
From: Martin Schulze <joey@infodrom.org>
Date: Sat, 16 Sep 2006 19:51:07 +0200
Message-id: <[🔎] 20060916175107.GG15240@finlandia.home.infodrom.org>
In-reply-to: <[🔎] 200609161802.08032.debian@layer-acht.org>
References: <[🔎] 20060914224535.GA4806@frigg.ftbfs.de> <[🔎] 20060915220733.2dc12844@monster.cacholong.nl> <[🔎] 20060916065006.GB15240@finlandia.home.infodrom.org> <[🔎] 200609161802.08032.debian@layer-acht.org>

Holger Levsen wrote:
> On Saturday 16 September 2006 08:50, Martin Schulze wrote:
> > The first one doesn't look like a real security problem.
> 
> Please explain why you think that putting arbitrary long strings into fixed 
> sized buffers is not a security problem, preferedly in the bugreport.

Please explain how an attacker can exploit this and force slapd to
put arbitrary long strings into fixed sized buffers.

Precondition: Requiring either root permissions or LDAP admin
permissions don't count.

Regards,

	Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Reply to:

References:
- Preparation of the next stable Debian GNU/Linux update (I)
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Matthijs Mohlmann <matthijs@cacholong.nl>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Martin Schulze <joey@infodrom.org>
- Re: Preparation of the next stable Debian GNU/Linux update (I)
  - From: Holger Levsen <debian@layer-acht.org>

Prev by Date: Re: Preparation of the next stable Debian GNU/Linux update (I)
Next by Date: Re: removal of bluez-bcm203x ?
Previous by thread: Re: Preparation of the next stable Debian GNU/Linux update (I)
Next by thread: Re: Preparation of the next stable Debian GNU/Linux update (I)
Index(es):
- Date
- Thread