Vulnerability Development mailing list archives
Format Bugs Are Not Unique to UNIX
From: Crispin Cowan <crispin () WIREX COM>
Date: Sun, 10 Sep 2000 02:54:22 -0700
Stephen:

I read with interest your recent article on the new "format" bugs
http://yahoo.cnet.com/news/0-1003-200-2719802.html?pt.yfin.cat_fin.txt.ne

I am troubled by your characterization of this as a UNIX/Linux problem. There is no reason to believe that this problem is unique to UNIX/Linux systems, so I went looking. The result was that the folks at Core SDI (whom you cite http://www.core-sdi.com ) have actually discovered a format bug in Windows code
http://www.core-sdi.com/advisories/pki_server_adving.htm

I'm advising you of this point so as to stop the potential propagation of the image that only UNIX/Linux systems are vulnerable to this bug, and to give the public warning that there is likely to be a flood of similar vulnerabilities in Windows.

Thanks,
Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
Olympics: The Corruption Games
Current thread:
- Format Bugs Are Not Unique to UNIX Crispin Cowan (Sep 12)