cygwin1.dll up to 1.5.22 overflow
Daniel Fdez. Bleda
Mon Nov 12 20:57:00 GMT 2007
Do you consider the advisory could be already published due to the
collateral correction of the flaw in recent versions?
Dave Korn wrote:
> On 08 November 2007 13:51, Daniel Fdez. Bleda wrote:
>> Dear Corinna,
>> I understand from this that you are asking for that details about
>> exploitation, pof, etc. of a vulnerability of a software should be
>> directly disclosed in the list? Sounds some kind of dangerous.
>> I didn't usually include in "bugs" a bof that permits execute code.
>> I'll do this as you requested omitting sensible information.
> I understand your need for caution. I think maybe we should consider what
> is the best course of action to take and perhaps write up a semi-formal
> announcement for the list instead?
> Also, maybe we should retire the earlier vulnerable cygwin dll versions that
> are still on sourceware.org?
> Cygwin is inherently insecure, the shared memory mechanism allows
> unauthenticated communication across trust boundaries between processes;
> without a major redesign it's always going to be vulnerable to privilege
> escalation in particular. It's not advisable to run a cygwin-based service
> facing the public internet IMO.
> Which was the vulnerable function? I'd like to see how serious the
> opportunities for attack are before we rush into anything.