This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Re: cygwin1.dll up to 1.5.22 overflow
Dave,
>
> You didn't answer all our questions yet, specifically which was the
> vulnerable function. I was hoping to get some feel for whether this could be
> exploited remotely, e.g. by uploading a long file to an ftp server, and
> whether it could be used to increase privilege, by triggering in a cygwin
> service.
The vulnerable command is "touch". We didn't analyze the code, as we
suppose it is easier for you -or the maintainer coder- to locate the
vulnerable function. At least, faster. So, what is the vulnerable
function? I don't know. The vulnerability is easily exploitable, so
you could check it quickly to be sure where the flaw is.
>
> The answers to those questions would determine my suggested response. If
> any of them were 'yes', I would suggest we delete the affected versions from
> the sourceware repository and place an announcement on the cygwin.com front
> page, co-ordinated with your advisory. If not, I would suggest that it would
> be appropriate to just release your advisory to the mailing list.
>
> However, Corinna is the responsible maintainer, so we should wait for her
> input.
>
> BTW, it's not clear from your subject line: cygwin1.dll < 1.5.22, or
> cygwin1.dll <= 1.5.22? Which was the first fixed version?
cygwin1.dll <= 1.5.22
But I'll check it again.
>
>
> cheers,
> DaveK
Regards,