search for: bufferoverflow

...sterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Brian West > Sent: Thursday, 23 June 2005 11:45 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [Asterisk-Users] Asterisk Manager Interface Remote > BufferOverflow Vulnerability > > THANK YOU NANCY DREW!!! Could be a bit more vague about this eh? > > /b > --- > Anakin: "You're either with me, or you're my enemy." > Obi-Wan: "Only a Sith could be an absolutist." > > On Jun 22, 2005, at 6:30 PM, trixter...

...interest to the LLVM community? Can you also comment if the approach specified is good to address this issue? References: [1] http://msdn.microsoft.com/en-us/library/ms235384(v=vs.80).aspx [2] https://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20120919/7de4688a/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: llvm_secure_function.patch Type: a...

...comment if > the approach specified is good to address this issue? > > > > References: > > [1] http://msdn.microsoft.com/en-us/library/ms235384(v=vs.80).aspx > > [2] > https://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html > > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >

...g? How do you plan to enforce that the insecure functions aren't called? Nick > References: > > [1] http://msdn.microsoft.com/en-us/library/ms235384(v=vs.80).aspx > > [2] > https://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html > > > > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

...information about the FreeBSD Ports Collection. II. Ports +------------------------------------------------------------------------+ Port name: astro/setiathome Affected: All versions Status: Not fixed Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory: ``There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.'' Example exploits for...

...information about the FreeBSD Ports Collection. II. Ports +------------------------------------------------------------------------+ Port name: astro/setiathome Affected: All versions Status: Not fixed Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory: ``There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.'' Example exploits for...

...omment if the approach specified is good to address this issue? > > > > References: > > [1] http://msdn.microsoft.com/en-us/library/ms235384(v=vs.80).aspx > > [2] > https://developer.apple.com/library/mac/#documentation/Security/Concep > tual/SecureCodingGuide/Articles/BufferOverflows.html > > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >

...read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : &quot...

...read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : &quot...

...read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : &quot...

...read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : &quot...