W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2003

Re: FYI: DAV-related buffer overflow exploit in IIS 5

From: <Edgar@EdgarSchwarz.de>
Date: Tue, 18 Mar 2003 21:14:55 +0100 (MET)
Message-Id: <200303182014.h2IKEt0f023735@post.webmailer.de>
To: w3c-dist-auth@w3.org
Cc: frey@inf.ethz.ch
Cc: Edgar@EdgarSchwarz.de

"Jim Whitehead" <ejw@cse.ucsc.edu>
> FYI.
> So, how many implementors on the list are confident *you* don't also have a
> buffer overflow exploit lurking in your code?
> - Jim
> http://www.cert.org/advisories/CA-2003-09.html
>  CERTr Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0
> Original issue date: March 17, 2003
> Last revised: Mon Mar 17 14:34:35 EST 2003
> Source: CERT/CC
A provocing question. So I think I will answer it:
I'm pretty sure :-)
I won't have a single line of C (The mother of all viruses) in my code and also on
the whole server.
In Oberon a buffer overflow can at most crash my WebDAV process and that's it.


edgar@edgarschwarz.de                  "http://www.edgarschwarz.de"
"http://www.edgar-schwarz.de/forum/oberon"    Running Active Oberon
Make it as simple as possible, but not simpler.     Albert Einstein
Received on Tuesday, 18 March 2003 15:15:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:03 GMT