[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Results of environment variable fuzzing Debian 5.05 SUID/SGIDs

On Tue Jan 18, 2011 at 22:25:20 +1100, Silvio Cesare wrote:

>    This kind of testing is good for Debian security and provides some comfort
>    to me at least knowing this class of vulnerability has been tested for
>    against the privleged programs in the Debian repository.


  I started doing the same thing a few years ago, and it was very

  However to make your reports more thorough it is important to look
 at the source of the code to see if the crash is an exploitable one
 or not.  Ideally you'd include that information in any bug
 reports you submitted.


Reply to: