<<< Date Index >>>     <<< Thread Index >>>

Re: GNU/Linux 'info Buffer Overflow



On Fri, Aug 06, 2004 at 11:41:12PM +0200, Niels Bakker wrote:
> /usr/bin/info is not setuid, and I can't think of any way to invoke the
> program where it would allow for privilege escalation.  Why is the
> severity "grave?" Remember that this is bugtraq, about security, not
> the Debian bug tracking system, or texinfo's gnats.

I think that the severity is overstated for Debian BTS too, IMO - and
according to Debian Policy - this should be 'normal' or 'serious' at
highest.

Alex

PS> Niels, your advertised address bounces with virtusertable errors,
I tried to send this offlist first.
-- 
0x46399138

Attachment: pgpXENOBvhObF.pgp
Description: PGP signature