oss-sec mailing list archives

Re: update on CVE-2008-5718


From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 28 Jan 2009 10:14:59 -0500 (EST)


On Wed, 28 Jan 2009, Thomas Biege wrote:

> I was thinking about that case too but it might not work because we escape
> the space.

This would limit the impact to whatever a single command-line switch can
do for whatever command is being invoked.  Probably some programs accept a
"-stdin" switch and thus would hang forever waiting to read input, as an
example.

- Steve

