cygwin1.dll up to 1.5.22 overflow

Daniel Fdez. Bleda
Mon Nov 12 20:57:00 GMT 2007

Dave, Corinna,

Do you consider the advisory could already be published due to the
collateral correction of the flaw in recent versions?


Dave Korn wrote:
> On 08 November 2007 13:51, Daniel Fdez. Bleda wrote:
>> Dear Corinna,
>> I understand from this that you are asking that details about
>> exploitation, pof, etc. of a vulnerability of a software should be
>> directly disclosed in the list? Sounds kind of dangerous.
>> I didn't usually include in "bugs" a bof that permits executing code.
>> I'll do this as you requested, omitting sensitive information.
>   I understand your need for caution.  I think maybe we should consider what
> is the best course of action to take and perhaps write up a semi-formal
> announcement for the list instead?
>   Also, maybe we should retire the earlier vulnerable cygwin dll versions that
> are still on
>   Cygwin is inherently insecure, the shared memory mechanism allows
> unauthenticated communication across trust boundaries between processes;
> without a major redesign it's always going to be vulnerable to privilege
> escalation in particular.  It's not advisable to run a cygwin-based service
> facing the public internet IMO.
>   Which was the vulnerable function?  I'd like to see how serious the
> opportunities for attack are before we rush into anything.
>     cheers,
>       DaveK
