[BusyBox] Amusing how insular bugtraq is...
Rob Landley
rob at landley.net
Fri May 20 05:38:47 UTC 2005
This look familiar to anyone?
http://www.securityfocus.com/archive/1/398470/2005-05-16/2005-05-22/0
Like, perhaps, this?
http://busybox.net/lists/busybox/2003-November/009878.html
I emailed Julian Seward at the time, who apparently ignored it. Now Bugtraq
has rediscoverd this and gone "eek" recently. I tried figuring out how to
attach a note to the bugtraq bug, but apparently I can't even _see_ the
bugtraq bug because I'm not a security professional subscribed to their
nondisclosure thingy.
How do they expect to _receive_ information if they're so closely guarding
their hoard of it?
Oh well...
No, busybox is not vulnerable to this. My rewrite correctly errored out on
the corrupt archive when I first discovered the problem (as the message
said), it was just compatability testing against the original bzip that I
discovered it went nuts...
Oh, and Eric needs to fix the archive urls so they say busybox.net instead of
codepoet.org. Substitute the domain name and you can download the
attachment...
Rob
More information about the busybox
mailing list