search for: killcrece

...) functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a fixed length buffer with: sprintf(str, " %s", pathp->path); The str variable is defined in cd_init() as char str[FILE_PATH_SZ + 2]. Rob McMillan and Georgia Killcrece at CERT, and Ti Kan, the maintainer of XMCD, were made aware of this problem on November 19th. Any questions to CERT regarding this security hole should reference INFO#96.25542. Ti Kan says he has already fixed this problem in a new unreleased version of XMCD, although he was not aware until I e...

...functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a fixed length buffer with: sprintf(str, " %s", pathp->path); The str variable is defined in cd_init() as char str[FILE_PATH_SZ + 2]. Rob McMillan and Georgia Killcrece at CERT, and Ti Kan, the maintainer of XMCD, were made aware of this problem on November 19th. Any questions to CERT regarding this security hole should reference INFO#96.25542. Ti Kan says he has already fixed this problem in a new unreleased version of XMCD, although he was not aware until I...