| From: | Vince Vielhaber <vev(at)michvhf(dot)com> |
|---|---|
| To: | Justin Clift <justin(at)postgresql(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
| Date: | 2002-08-19 22:59:44 |
| Message-ID: | Pine.BSF.4.40.0208191858100.4866-100000@paprika.michvhf.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 20 Aug 2002, Justin Clift wrote:
> Vince,
>
> Do you reckon it's worth you responding to "Sir Mordred" and pointing
> out that he overstated the vulnerability?
Not me. Tom (pref) or Marc would be the proper respondent.
>
> :-)
>
> Regards and best wishes,
>
> Justin Clift
>
>
> Tom Lane wrote:
> >
> > Justin Clift <justin(at)postgresql(dot)org> writes:
> > > Glad he made the advisory for something there's a fix for. :)
> >
> > The claim that this bug allows execution of arbitrary code is bogus anyway.
> > The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
> > predetermined way; an attacker will have no opportunity to insert code
> > of his choosing.
> >
> > regards, tom lane
>
>
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
http://www.camping-usa.com http://www.cloudninegifts.com
http://www.meanstreamradio.com http://www.unknown-artists.com
==========================================================================
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-20 01:30:13 | Re: Removing Libraries (Was: Re: Open 7.3 issues) |
| Previous Message | Justin Clift | 2002-08-19 22:56:02 | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |