[VIM] CVE-2006-5823 (zlib_inflate): Alternate Vectors?
Gadi Evron
ge at linuxbox.org
Wed Feb 21 18:30:04 EST 2007
As a general note on our unrelated conversation, Matt: the Vista issue is
serious.
On Wed, 21 Feb 2007, Matthew Murphy wrote:
> I see that some distros are just getting around to patching the
> zlib_inflate vulnerability (CVE-2006-5823). In the past, zlib has
> been associated with some major security exposures, and so it
> surprises me that this has been (largely) played down without
> attention as a bug that allows you to bring down a box by mounting a
> crafted file system that, oh-by-the-way, happens to use zlib.
>
> Is anybody aware of other (promising or disastrous, depending on how
> you look at it) potential exploit vectors for this beyond kernel-mode
> file system code -- e.g., network client libraries? If not, is anyone
> aware of why it seems this hole got so little attention? Is it
> sufficiently hard to trigger that most environments wouldn't allow
> exploitation?
>
More information about the VIM
mailing list