cygwin1.dll up to 1.5.22 overflow
Tue Nov 20 12:02:00 GMT 2007
On Tue, Nov 20, 2007 at 11:10:39AM +0100, Jesus wrote:
>cygwin1.dll is vulnerable a dangerous buffer overflow that can be exploited
>We can take control of ebp and edi and can redirect the execution flow.
>I think the version is 1.5.7-1 and prior:
I think we can rest easy if it really is 1.5.7-1. That version is about three
years old and is no longer available for download.
More information about the Cygwin-developers