Re: [suse-security] XFree86 4.0 local buffer overflow
fm@cupserv.org:
I reasoned that it's the same code base, and if so, then great. If not, sorry for the alert, but I didn't want to wait for confirmation.
They use the same code base. Buffer overflow exploits may work with both OSes if using the same compiler and options on that compiler and being not related to system calls, because these are different for every operating system, making some exploits work only on a certain OS.

-- Thomas
tschweikle@FIDUCIA.de wrote:
fm@cupserv.org:
I reasoned that it's the same code base, and if so, then great. If not, sorry for the alert, but I didn't want to wait for confirmation.
They use the same code base. Buffer overflow exploits may work with both OSes if using the same compiler and options on that compiler and being not related to system calls, because these are different for every operating system, making some exploits work only on a certain OS.
Yes, but if the source does not check array boundaries sufficiently, it may be possible to construct an exploit for another OS. Exploits do not grow on trees, but once there is a known "soft spot" in a widely used piece of code, exploits can be expected to be available rather sooner than later.

Rupert

--
Rupert Kittinger <kittinger@mechanik.tu-graz.ac.at>
Department of Mechanics and Mechanisms
Graz University of Technology
Kopernikusgasse 24/III
A-8010 Graz
pgp-keyID: EB7E995C; get public key from http://www.openpgp.net/pgpsrv.html
participants (2)
- Rupert Kittinger
- tschweikle@FIDUCIA.de