Derek Callaway writes:
> Curious, what's so insecure about syslog()?

A version was subject to a buffer overflow attack.

> > is a security disaster. It also sucks in the string library, which
> > includes the well-known security hole sprintf().
>
> Does that sprintf() introduce an overflow or is it something else?

sprintf(), if used with unchecked data, practically *mandates* an overflow.

--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
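
The sprintf() point from the message above, shown as an added example that is not part of the original thread and is not code from qmail, vpopmail or any syslog implementation: an unchecked sprintf() next to a bounded snprintf() form that reports truncation. The function names, the 64-byte buffer, the message text and the 200-byte input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64                      /* constructed buffer size */

/* Unchecked pattern: sprintf() has no idea how big out is, so a long
 * `user` is written straight past the end of the buffer. */
void format_unchecked(char *out, const char *user)
{
    sprintf(out, "login failed for %s", user);
}

/* Bounded form: snprintf() writes at most outlen bytes including the NUL
 * and returns the length the full string needed, so truncation is visible.
 * Returns 0 if the message fit, -1 if it was truncated or on error. */
int format_bounded(char *out, size_t outlen, const char *user)
{
    int n;
    if (out == NULL || outlen == 0 || user == NULL)
        return -1;
    n = snprintf(out, outlen, "login failed for %s", user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Feed a constructed 200-byte name to the bounded form and check the guard
 * bytes after the buffer. Returns 1 if truncation was reported cleanly. */
int oversized_input_is_contained(void)
{
    struct { char buf[LOG_BUF]; unsigned char guard[8]; } r;
    char big[201];
    size_t i;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memset(r.guard, 0xAA, sizeof r.guard);
    if (format_bounded(r.buf, sizeof r.buf, big) != -1)
        return 0;
    for (i = 0; i < sizeof r.guard; i++)
        if (r.guard[i] != 0xAA)
            return 0;
    return strlen(r.buf) == (size_t)(LOG_BUF - 1);
}

int main(void)
{
    printf("contained: %d\n", oversized_input_is_contained());
    return 0;
}
```

Checking the snprintf() return value matters as much as the bound itself: a silently truncated log line or command string can still change meaning downstream.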