20 Oct
2016
20 Oct
'16
11:26 a.m.
On Thu, Oct 20, 2016 at 12:27:32AM -0400, grarpamp wrote:
For people using tor...
https://blog.torproject.org/blog/tor-0289-released-important-fixes https://lists.torproject.org/pipermail/tor-dev/2016-October/011579.html
* Fix memcpy buffer overrun in gethostbyaddr() * Fix memcpy() buffer overrun in gethostbyname() Modifications of these were exploitable at least 20 years ago ;) Probably tor will have hard time showing they are not exploitable, especially when they lack exploit imagination. Did I troll that tor allows remote code execution? (Certainly).