Wojciech Purczynski wrote:
> This is not an integer overflow bug. do_brk() doesn't verify its arguments
> at all, allowing creation of an arbitrarily large virtual memory mapping (vma)
> consuming kernel memory.
At least this explains why it wasn't found by the Stanford checker tool.
Thanks.
Received on Tue Dec 02 11:18:18 2003