Why assign a CVE to something irrelevant?
On Saturday, March 21st, 2026 at 5:14 AM, Alan Coopersmith <[email protected]> wrote:

> On 1/5/26 09:27, Alan Coopersmith wrote:
> > Late last year, a tape was found containing the only known copy of Bell Labs
> > Research Unix Version 4 from 1973 - the version in which UNIX was rewritten
> > from assembly into the then-new C programming language. Since then a number
> > of folks have been running the recovered software in PDP-11 simulators.
> >
> > https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/ examines the
> > source code for su.c and shows that the buffer for password input is a
> > simple 100 character array, but the loop to read password input has no
> > boundary checks and will happily keep writing long past the end of the
> > buffer.
>
> This has been assigned CVE-2025-71263 now:
> https://www.cve.org/CVERecord?id=CVE-2025-71263
>
> --
> -Alan Coopersmith- [email protected]
> Oracle Solaris Engineering - https://blogs.oracle.com/solaris
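
An added illustration, not part of the original message and not the actual Version 4 su.c source: the unchecked password-read pattern described in the quoted text, modelled by counting the overrun instead of writing out of bounds, beside a bounded reader. The names `src`, `src_getc`, `unchecked_overrun` and `read_password_bounded` are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PWBUF 100  /* buffer size given in the quoted message */

/* Constructed input source: yields the bytes of an in-memory string, then EOF. */
struct src { const char *p; };
static int src_getc(struct src *s) { return *s->p ? (unsigned char)*s->p++ : EOF; }

/* Models the unchecked loop (buf[i++] = c with no limit) without performing
   the writes: returns how many bytes would land past the end of the buffer. */
size_t unchecked_overrun(const char *input)
{
    struct src s = { input };
    size_t i = 0;
    int c;
    while ((c = src_getc(&s)) != EOF && c != '\n')
        i++;                 /* one byte stored per input character */
    i++;                     /* plus the terminating NUL */
    return i > PWBUF ? i - PWBUF : 0;
}

/* Bounded reader: stores at most size-1 bytes, always NUL-terminates, drains
   the rest of an over-long line and rejects it instead of silently truncating.
   Returns the stored length, or -1 if the line did not fit. */
int read_password_bounded(struct src *s, char *buf, size_t size)
{
    size_t i = 0;
    int c, too_long = 0;
    if (size == 0)
        return -1;
    while ((c = src_getc(s)) != EOF && c != '\n') {
        if (i < size - 1)
            buf[i++] = (char)c;
        else
            too_long = 1;    /* keep consuming so no stale input is left behind */
    }
    buf[i] = '\0';
    if (too_long) {
        memset(buf, 0, size); /* do not keep a partial secret */
        return -1;
    }
    return (int)i;
}

int main(void)
{
    char buf[PWBUF];
    struct src s = { "example-password\n" };  /* constructed sample */
    printf("stored=%d\n", read_password_bounded(&s, buf, sizeof buf));
    return 0;
}
```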
