[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

update

Subject: update
From: mysidia at gmail.com (Jimmy Hess)
Date: Sat, 27 Sep 2014 21:48:34 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Sat, Sep 27, 2014 at 8:10 PM, Jay Ashworth <jra at baylink.com> wrote:
> I haven't an example case, but it is theoretically possible.

Qmail-smtpd  has a buffer overflow vulnerability related to integer
overflow which can only be reached when compiled on a 64-bit platform.
x86_64  did not exist when the code was originally written.

If memory serves,  the author never acknowledged the vulnerability and
declined to pay bounty or fix the bug stating   that nobody allows
gigabytes of RAM per smtp process.

However.... you see, there you have a lingering bug that can be
exposed under the right environment....   (Year 2030...  computers
have Petabytes of RAM...  why would you seriously limit any one
process to less than a terabyte....?)

-> http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html

> Cheers,
> -- jra
--
-JH

Follow-Ups:
- update
  - From: kmedcalf at dessus.com (Keith Medcalf)

References:
- update
  - From: kmedcalf at dessus.com (Keith Medcalf)
- update
  - From: jra at baylink.com (Jay Ashworth)

Prev by Date: update
Next by Date: Security Update: Muli-Router Looking Glass (MRLG) version 5.5.0 released
Previous by thread: update
Next by thread: update
Index(es):
- Date
- Thread