"Marc G. Fournier" <scrappy@hub.org> writes:
> On 23 Aug 2002, Neil Conway wrote:
> > The datetime overrun does not require the ability to connect to
> > the database.
>
> Ack ... obviously I missed something, but, if you can't get a
> connection to the database, how exactly is this one triggered? :(
If the application is accepting datetime input from the user ('what's
your birthday?', for example), and isn't doing some non-obvious input
validation on it (namely, checking that the input string isn't too
long), you can crash the backend. Gavin says executing arbitrary code
using the hole would be extremely difficult, but it's at least
conceivable.
Cheers,
Neil
--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC
