What's "may have exploitable buffer overflows" mean in tcpdump?

To: tcpdump-workers@xxxxxxxxxxxxxxxxx
Subject: What's "may have exploitable buffer overflows" mean in tcpdump?
From: Dragos Ruiu <dr@xxxxxxx>
Date: Mon, 13 Dec 2004 14:14:47 -0800
Cc: misc@xxxxxxxxxxx, security@xxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: All Terrain Ninjas
User-agent: KYX-CP/M-FNORD5602

WARNING: The SMB printer may have exploitable buffer overflows!!!

That's what the ./configure script on tcpdump-current warns me about
(re SMB printer).  What exactly does this warning message mean?
If there are overflows, they should be fixed. If they are unfixed the
code should be removed.

If the problem is not identified fully, perhaps a bunch of smart people 
had better start auditing the code. If the intent of this message is to 
start getting people to look at the code then I think an advisory 
would be a better way to do this.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada       May 4-6 2005  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

Prev by Date: [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability
Next by Date: Linux kernel IGMP vulnerabilities
Previous by thread: [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability
Next by thread: Linux kernel IGMP vulnerabilities
Index(es):
- Date
- Thread