Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

On Tue, 20 Aug 2002, Justin Clift wrote:

> Vince,
>
> Do you reckon it's worth you responding to "Sir Mordred" and pointing
> out that he overstated the vulnerability?

Not me.  Tom (pref) or Marc would be the proper respondent.

>
> :-)
>
> Regards and best wishes,
>
> Justin Clift
>
>
> Tom Lane wrote:
> >
> > Justin Clift <justin@postgresql.org> writes:
> > > Glad he made the advisory for something there's a fix for.  :)
> >
> > The claim that this bug allows execution of arbitrary code is bogus anyway.
> > The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
> > predetermined way; an attacker will have no opportunity to insert code
> > of his choosing.
> >
> >                         regards, tom lane
>
>


Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net        56K Nationwide Dialup from $16.00/mo
atPop4 Networking     http://www.camping-usa.com      http://www.cloudninegifts.com  http://www.meanstreamradio.com
 http://www.unknown-artists.com
 
==========================================================================