[37849] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: DJB's students release 44 *nix software vulnerability advisories

daemon@ATHENA.MIT.EDU (milw0rm Inc.)
Tue Dec 21 17:54:05 2004

Message-ID: <814b9d504122112346acc78e8@mail.gmail.com>
Date: Tue, 21 Dec 2004 14:34:20 -0600
From: "milw0rm Inc." <milw0rm@gmail.com>
Reply-To: "milw0rm Inc." <milw0rm@gmail.com>
To: bugtraq@securityfocus.com
Cc: Jonathan T Rockway <jrockw2@uic.edu>
In-Reply-To: <Pine.A41.4.58.0412201706570.241672@tigger.cc.uic.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

/* 
Two points.
Regarding local versus remote, look at it this way:  You have a 100%
secure system.  Then you install NASM.  Now a user FROM THE NETWORK can
send you some tainted assembly code for you to assemble and he can
compromise your account.
*/ 

quote "for you to assemble"

Its a user error.  Your not remotely exploiting anything but the trust
from the user.

//str0ke


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37849] in bugtraq

Re: DJB's students release 44 *nix software vulnerability advisories

daemon@ATHENA.MIT.EDU (milw0rm Inc.)Tue Dec 21 17:54:05 2004

daemon@ATHENA.MIT.EDU (milw0rm Inc.)
Tue Dec 21 17:54:05 2004