I've just released the technical details behind some recently fixed vulnerabilities in mimetex:
http://scary.beasts.org/security/CESA-2009-009.html
"mimetex" is a little binary (written in the C language) used to render mathematical equations based on the TeX language. The output looks very nice, and embedding it in web apps is a cool concept. You can use a Google search to locate places that use it:
http://images.google.com/images?hl=en&q=inurl:mimetex.cgi
Unfortunately, the binary suffered from various classic stack-based buffer overflows as well as some commands that might leak inappropriate information.
So be careful about which random little binaries and pieces you use to beef up your web app.