Yes, the recent dhclient stack buffer overflow[1][2] used memcpy, not
strcpy, making this an issue for Hardy. There is evidence that attacks
were built against Ubuntu Hardy that took into account the static guard
value, which would have been stopped if the value was correctly
randomized.
Given that similar issues may again happen, I feel it is best to make
sure this protection is fixed for Hardy.
Yes, the recent dhclient stack buffer overflow[1][2] used memcpy, not
strcpy, making this an issue for Hardy. There is evidence that attacks
were built against Ubuntu Hardy that took into account the static guard
value, which would have been stopped if the value was correctly
randomized.
Given that similar issues may again happen, I feel it is best to make
sure this protection is fixed for Hardy.
[1] http:// www.ubuntu. com/usn/ usn-803- 1 www.debian. org/security/ 2009/dsa- 1833 lists.immunitys ec.com/ pipermail/ dailydave/ 2009-July/ 005829. html
[2] http://
[3] http://