Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <200807020203.39355.rbu@gentoo.org>
Date: Wed, 2 Jul 2008 02:03:36 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Two remote DoS issues in linuxdcpp

On Tuesday 01 July 2008, Steven M. Christey wrote:
> ======================================================
> Name: CVE-2008-2953
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2953
> Reference:
> CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=60861
>2&group_id=40287 Reference:
> CONFIRM:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp
>/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date Reference:
> SECUNIA:30812
> Reference: URL:http://secunia.com/advisories/30812
>
> Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause
> a denial of service (crash) via "partial file list requests" that
> trigger a NULL pointer dereference.

That Secunia advisory is actually for the Windows version of DC++, which 
has a different versioning. I think you might want to expand that in 
the description.

Robert

Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.