cygwin1.dll up to 1.5.22 overflow

Dave Korn
Thu Nov 8 12:57:00 GMT 2007

On 08 November 2007 13:51, Daniel Fdez. Bleda wrote:

> Dear Corinna,
> I understand from this that you are asking for that details about
> exploitation, pof, etc. of a vulnerability of a software should be
> directly disclosed in the list? Sounds some kind of dangerous.
> I didn't usually include in "bugs" a bof that permits execute code.
> I'll do this as you requested omitting sensible information.

  I understand your need for caution.  I think maybe we should consider what
is the best course of action to take and perhaps write up a semi-formal
announcement for the list instead?

  Also, maybe we should retire the earlier vulnerable cygwin dll versions that
are still on

  Cygwin is inherently insecure, the shared memory mechanism allows
unauthenticated communication across trust boundaries between processes;
without a major redesign it's always going to be vulnerable to privilege
escalation in particular.  It's not advisable to run a cygwin-based service
facing the public internet IMO.

  Which was the vulnerable function?  I'd like to see how serious the
opportunities for attack are before we rush into anything.

Can't think of a witty .sigline today....
