[ntp:security] [Bug 2630] buffer overrun in tokenize()

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Aug 6 12:41:18 UTC 2014


http://bugs.ntp.org/show_bug.cgi?id=2630

--- Comment #3 from Brian Utterback <brian.utterback at oracle.com> 2014-08-06 12:41:18 UTC ---
Glad to. It requires a certain fairly difficult analysis of buffer overruns to
determine their possible effect. Privilege escalation is possible in certain
rare circumstances, much more common is running arbitrary commands. Because of
this, Oracle adopts a "guilty until proven innocent" attitude on code
compliance issues that involve arbitrarily large buffer overruns.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list