Hi,
attached you can find some WIP code for processing DTSAs. It''s
in early stages, but I guess it already shows where it''s heading.
Feedback welcome. HTML overview is not handled yet.
Cheers,
Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtsa.py
Type: text/x-python
Size: 4171 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050622/e46e643e/dtsa.py
-------------- next part --------------
source: hotzenplotz
date: 2005-11-12
vuln-type: buffer overflows
cve: CAN-1978-0019
vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html
testing-fix: 3.14-1ts1
sid-fix: 3.14-2
User authentication in hotzenplotz does not verify the user name properly.
A buffer overflow can be exploited to execute arbitrary code with elevated
privileges.