On Mon, Apr 14, 2008 at 02:26:47PM +0200, Nico Golde wrote:
> Hi Mohammed,
> * Mohammed Sameer <[EMAIL PROTECTED]> [2008-04-13 18:18]:
> > I think I'm missing something.
> >
> > Why do we need to make it not suid if the daemon drops it (-6 upload) ?
> Cause it does drop it via seteuid and as long as the buffer
> overflow exists possible injected shellcode could do
> seteuid(0) to get it back.
> Kind regards
> Nico
aha!

I sent a patch earlier as an attempt to fix the buffer overflow vulnerability. I'd appreciate someone reviewing it. I can do an upload if it's OK.

Cheers,
-- 
GPG-Key: 0xA3FD0DF7 - 9F73 032E EAC9 F7AD 951F 280E CB66 8E29 A3FD 0DF7
Debian User and Developer.
Homepage: www.foolab.org
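The point Nico makes above (that a seteuid()-based drop leaves the saved set-user-id at 0, so injected code can simply call seteuid(0) and be root again) can be watched directly. The program below is an added illustration, not code from this thread or from the package being discussed: it performs the daemon-style temporary drop, shows that root is still reachable, then performs a permanent drop with setresuid() for contrast. The uid 65534 used as the unprivileged target when started as root is an assumption (it is "nobody" on most systems); started as an ordinary user both drops are effectively no-ops and the program reports that root was never reachable.

```c
/* Added example: why seteuid() alone does not protect a setuid-root daemon.
 * Build: cc -Wall -o dropdemo dropdemo.c
 * Run as root (or setuid-root) to see the full effect.
 */
#define _GNU_SOURCE            /* setresuid()/getresuid() on glibc */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Temporary drop, the pattern the daemon uses: only the effective uid
 * changes; real and saved uids keep their old value (0 under root). */
int drop_temporarily(uid_t uid)
{
    return seteuid(uid);
}

/* Permanent drop: real, effective and saved uid are all set, so the
 * kernel refuses any later seteuid(0). */
int drop_permanently(uid_t uid)
{
    return setresuid(uid, uid, uid);
}

/* 1 if any of real/effective/saved uid is still 0, i.e. the process
 * can still become root; 0 otherwise; -1 on error. */
int can_regain_root(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == 0 || e == 0 || s == 0) ? 1 : 0;
}

/* What injected shellcode would do after a seteuid()-style drop. */
int attacker_regains_root(void)
{
    return seteuid(0) == 0;
}

/* Run both drops in turn and report as a bitmask:
 *   bit 0: root still reachable after the temporary drop
 *   bit 1: seteuid(0) actually succeeded after the temporary drop
 *   bit 2: root still reachable after the permanent drop
 *   bit 3: seteuid(0) succeeded after the permanent drop
 * Started as root this yields 3; started unprivileged it yields 0,
 * because an ordinary user has no root uid to keep or regain. */
int run_demo(uid_t unpriv)
{
    int result = 0;

    if (drop_temporarily(unpriv) != 0)
        perror("seteuid");
    if (can_regain_root() == 1)
        result |= 1;
    if (attacker_regains_root())
        result |= 2;

    if (drop_permanently(unpriv) != 0)
        perror("setresuid");
    if (can_regain_root() == 1)
        result |= 4;
    if (attacker_regains_root())
        result |= 8;

    return result;
}

int main(void)
{
    uid_t me = getuid();
    /* 65534 ("nobody" on most systems) is an assumption for the root case */
    uid_t target = (me == 0) ? (uid_t)65534 : me;
    int r = run_demo(target);

    printf("after seteuid(%u): root reachable=%d, seteuid(0) worked=%d\n",
           (unsigned)target, (r & 1) != 0, (r & 2) != 0);
    printf("after setresuid(%u,%u,%u): root reachable=%d, seteuid(0) worked=%d\n",
           (unsigned)target, (unsigned)target, (unsigned)target,
           (r & 4) != 0, (r & 8) != 0);
    return 0;
}
```

Run as root, the first line reports root still reachable and seteuid(0) succeeding, the second line reports neither. This is exactly the window a stack overflow in the still-root-capable process would exploit, which is why the thread treats fixing the overflow and dropping the setuid bit (or making the drop permanent) as the real remedies rather than the seteuid() call.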