This is the mail archive of the cygwin-developers mailing list for the Cygwin project.
Re: cygwin1.dll up to 1.5.22 overflow
- From: Christopher Faylor <cgf-use-the-mailinglist-please at cygwin dot com>
- To: cygwin-developers at cygwin dot com
- Date: Tue, 20 Nov 2007 07:02:07 -0500
- Subject: Re: cygwin1.dll up to 1.5.22 overflow
- References: <1195553439.4742b29fbf2cd@mail.isecauditors.com>
- Reply-to: cygwin-developers at cygwin dot com
On Tue, Nov 20, 2007 at 11:10:39AM +0100, Jesus wrote:
>Hello developers,
>
>cygwin1.dll is vulnerable to a dangerous buffer overflow that can be exploited
>remotely.
>
>We can take control of ebp and edi and can redirect the execution flow.
>
>I think the version is 1.5.7-1 and prior:
I think we can rest easy if it really is 1.5.7-1. That version is about three
years old and is no longer available for download.
cgf