All files from this thread

File Name File Size   Posted by Date  
patch.null.pointer.txt.bin 430 bytes open | download Igor Sysoev 10/26/2009 Read message
Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
October 30, 2009 12:38PM
On Fri, Oct 30, 2009 at 05:22:41PM +0100, Pior Bastida wrote:

> On Monday 26 October 2009 19:46:58 Igor Sysoev wrote:
> > A patch to fix null pointer dereference vulnerability in 0.1.0-0.8.13.
> > The patch is not required for versions 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+.
>
> Hello Igor,
>
> Can you confirm that it's related to this vulnerability?
>
> http://www.securityfocus.com/bid/36839

Yes. However, it's not a buffer overflow as stated there.
The published exploit causes always a null pointer dereference only
and you can not execute arbitrary code as stated there.


--
Igor Sysoev
http://sysoev.ru/en/
Reply Quote
RSS
Subject Author Posted

null pointer dereference vulnerability in 0.1.0-0.8.13. Attachments

Igor Sysoev October 26, 2009 02:52PM

Re: null pointer dereference vulnerability in 0.1.0-0.8.13.

Pior Bastida October 30, 2009 12:28PM

Re: null pointer dereference vulnerability in 0.1.0-0.8.13.

Igor Sysoev October 30, 2009 12:38PM

Re: null pointer dereference vulnerability in 0.1.0-0.8.13.

Pior Bastida October 31, 2009 07:52AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

hackermade
Guests: 292
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready