cygwin1.dll up to 1.5.22 overflow
Daniel Fdez. Bleda
Tue Nov 13 10:40:00 GMT 2007
> You didn't answer all our questions yet, specifically which was the
> vulnerable function. I was hoping to get some feel for whether this could be
> exploited remotely, e.g. by uploading a long file to an ftp server, and
> whether it could be used to increase privilege, by triggering in a cygwin
The vulnerable command is "touch". We didn't analyze the code, as we
suppose it is easier for you -or the maintainer coder- to locate the
vulnerable function. At least, faster. So, what is the vulnerable
function? I don't know. The vulnerability is easily exploitable, so
you could check it quickly to be sure where the flaw is.
> The answers to those questions would determine my suggested response. If
> any of them were 'yes', I would suggest we delete the affected versions from
> the sourceware repository and place an announcement on the cygwin.com front
> page, co-ordinated with your advisory. If not, I would suggest that it would
> be appropriate to just release your advisory to the mailing list.
> However, Corinna is the responsible maintainer, so we should wait for her
> BTW, it's not clear from your subject line: cygwin1.dll < 1.5.22, or
> cygwin1.dll <= 1.5.22? Which was the first fixed version?
cygwin1.dll <= 1.5.22
But I'll check it again.