On Tue, 24 Jan 2012 18:04:13 EST, Jeffrey Walton said:
> From USN-1263-2 (http://www.ubuntu.com/usn/usn-1263-2/):
>
>     It was discovered that a type confusion flaw existed in the
>     the Internet Inter-Orb Protocol (IIOP) deserialization code. A
>     remote attacker could use this to cause an untrusted application
>     or applet to execute arbitrary code by deserializing malicious
>     input. (CVE-2011-3521)
>
> I give - what is a confusion flaw?

'type confusion' - where a programmer forgot what type a variable had. Was that
a signed int or an unsigned int?  32-bit or 64-bit? A pointer to a string, or a
pointer to a struct?


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
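
The two kinds of confusion named in the reply above (signed versus unsigned, and one pointed-to type versus another), as an added C example that is not part of the original thread and is not the code behind CVE-2011-3521. The wire format, tags and function names are hypothetical and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_LEN 64u
enum tag { T_INT = 1, T_STR = 2 };   /* hypothetical wire tags */

/* Decoded value: the tag records which union member is valid. */
struct value {
    enum tag tag;
    union { int32_t i; struct { uint32_t len; char buf[MAX_LEN]; } s; } u;
};

/* Flawed: length read as signed, so 0xFFFFFFFF becomes -1 and passes. */
int len_ok_signed(uint32_t wire) { return (int32_t)wire <= (int32_t)MAX_LEN; }
/* Correct: keep the length in the unsigned type it has on the wire. */
int len_ok_unsigned(uint32_t wire) { return wire <= MAX_LEN; }

/* Decode [tag:1][u32 little-endian][bytes]; returns 0 on success, -1 on reject. */
int decode(const uint8_t *in, size_t n, struct value *out) {
    if (n < 5) return -1;
    uint32_t w = in[1] | (uint32_t)in[2] << 8 | (uint32_t)in[3] << 16 | (uint32_t)in[4] << 24;
    if (in[0] == T_INT) { out->tag = T_INT; out->u.i = (int32_t)w; return 0; }
    if (in[0] == T_STR) {
        if (!len_ok_unsigned(w) || n - 5 < w) return -1;
        out->tag = T_STR;
        out->u.s.len = w;
        memcpy(out->u.s.buf, in + 5, w);
        return 0;
    }
    return -1;   /* unknown tag */
}

/* Checked accessor: refuses to treat a non-string as a string. */
const char *as_str(const struct value *v, uint32_t *len) {
    if (v->tag != T_STR) return NULL;
    *len = v->u.s.len;
    return v->u.s.buf;
}

int main(void) {
    const uint8_t msg[5] = {T_INT, 0x2a, 0, 0, 0};   /* constructed input */
    struct value v; uint32_t len;
    if (decode(msg, sizeof msg, &v) != 0) return 1;
    return as_str(&v, &len) == NULL ? 0 : 1;   /* an int is never read as a string */
}
```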
