cygwin1.dll up to 1.5.22 overflow

Daniel Fdez. Bleda dfernandez@isecauditors.com
Mon Nov 12 20:57:00 GMT 2007


Dave, Corinna,

Do you consider that the advisory could already be published, due to the
collateral correction of the flaw in recent versions?

Regards,

Dave Korn wrote:
> On 08 November 2007 13:51, Daniel Fdez. Bleda wrote:
> 
>> Dear Corinna,
>>
>> I understand from this that you are asking that details about
>> exploitation, pof, etc. of a vulnerability of a software should be
>> directly disclosed in the list? Sounds kind of dangerous.
>>
>> I didn't usually include in "bugs" a bof that permits executing code.
>>
>> I'll do this as you requested, omitting sensitive information.
> 
>   I understand your need for caution.  I think maybe we should consider what
> is the best course of action to take and perhaps write up a semi-formal
> announcement for the list instead?
> 
>   Also, maybe we should retire the earlier vulnerable cygwin dll versions that
> are still on sourceware.org?
> 
>   Cygwin is inherently insecure, the shared memory mechanism allows
> unauthenticated communication across trust boundaries between processes;
> without a major redesign it's always going to be vulnerable to privilege
> escalation in particular.  It's not advisable to run a cygwin-based service
> facing the public internet IMO.
> 
>   Which was the vulnerable function?  I'd like to see how serious the
> opportunities for attack are before we rush into anything.
> 
> 
>     cheers,
>       DaveK


