From: kroening@hit.handshake.de (Daniel Kroening)
Subject: Security hole in gnu-win32-gcc
10 Sep 1997 16:48:45 -0700
Approved: cygnus.gnu-win32@cygnus.com
Distribution: cygnus
Message-ID: <34159832.52CD.cygnus.gnu-win32@hit.handshake.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mozilla 3.01 [de] (Win95; I)
Original-To: gnu-win32@cygnus.com
Original-Sender: owner-gnu-win32@cygnus.com

Hello,

I discovered a security hole in cygnus gnu-win32 gcc: Obviously,
allocated ram is not initialised. The generated binaries thus contain
parts of the main memory of the machine compiling it. In binaries, where
uninitialied arrays are, I discovered parts of web pages and other data
of the memory. It might sound harmless, but confident documents or even
pgp secret keys might get disclosed.

Daniel Krvning
-
For help on using this list (especially unsubscribing), send a message to
"gnu-win32-request@cygnus.com" with one line of text: "help".