I've just released the technical details behind some recently fixed vulnerabilities in mimetex:
http://scary.beasts.org/security/CESA-2009-009.html
"mimetex" is a little binary (written in the C language) used to render mathematical equations based on the TeX language. It looks very nice and is a cool concept to embed it in web apps. You can use a Google search to locate places that use it:
http://images.google.com/images?hl=en&q=inurl:mimetex.cgi
Unfortunately, the binary suffered from various classic stack-based buffer overflows as well as some commands that might leak inappropriate information.
So be careful what random little binaries and pieces you use to beef up your web app.