Report: Vulnerability type distributions in CVE
Report: Vulnerability type distributions in CVE
Posted Oct 5, 2006 15:09 UTC (Thu) by arjan (subscriber, #36785)Parent article: Report: Vulnerability type distributions in CVE
And... in Linux format string exploits are no longer actually exploitable anymore since about 2 years (or shorter, depending on your distro).
Posted Oct 5, 2006 16:00 UTC (Thu)
by nix (subscriber, #2304)
[Link]
For Gentoo and LFS users, you have to be using GCC 4.1 or later and glibc 2.3.5+ or (preferably) glibc 2.4, and you have to compile with -D_FORTIFY_SOURCE=2 (at least I think it's level 2 that finds this sort of thing).Report: Vulnerability type distributions in CVE