Jacob Bachmeyer <[email protected]> writes:

>Ah yes, the universal arbitrary code execution exploit: simply replace the
>program text with malicious code. :-)
>
>Can we call it CVE-Zero? :-P
The best one I've run into is enabling an undocumented internal build option that turns on extra code for coverage/fuzz testing, then reporting it as a vuln while ignoring the fact that the debug code also implements SSLKEYLOGFILE which dumps the plaintext TLS master secret to the diagnostic output.

Aside from the OpenSSH pseudovulnerability that started all this, anyone else have any interesting stories?

Peter.
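For readers unfamiliar with what a leaked SSLKEYLOGFILE line buys an attacker, here is an added worked example (not code from this thread or from any project discussed in it). It parses the NSS key log format that SSLKEYLOGFILE writes (`CLIENT_RANDOM <client_random> <master_secret>`), then runs the TLS 1.2 PRF from RFC 5246 to turn the master secret plus the two hello randoms from a captured handshake into the session's AES-128-GCM write keys and IVs. The key log lines, the client and server randoms and the choice of cipher suite are all constructed for illustration; the PRF and the key-block layout follow RFC 5246 sections 5 and 6.3.

```python
import hashlib
import hmac

# Constructed sample of an SSLKEYLOGFILE / NSS key log (not a real capture).
# TLS 1.2 entries are: CLIENT_RANDOM <32-byte client random hex> <48-byte master secret hex>
KEYLOG_SAMPLE = """\
# SSL/TLS secrets log file, generated by a debug build (constructed example)
CLIENT_RANDOM 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f \
202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
"""

# Randoms an attacker would read straight out of the captured ClientHello / ServerHello.
CAPTURED_CLIENT_RANDOM = bytes(range(0x00, 0x20))   # matches the key log line above
CAPTURED_SERVER_RANDOM = bytes(range(0x80, 0xA0))   # constructed


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function from RFC 5246 section 5.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for SHA-256 suites."""
    return p_sha256(secret, label + seed, length)


def parse_keylog(text: str) -> dict:
    """Map client_random -> master_secret for every CLIENT_RANDOM line in a key log."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == 3 and parts[0] == "CLIENT_RANDOM":
            secrets[bytes.fromhex(parts[1])] = bytes.fromhex(parts[2])
    return secrets


def derive_aes128gcm_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Key block for an AES-128-GCM suite (RFC 5246 section 6.3).

    AEAD suites have no MAC keys, so the block is
    client_write_key(16) || server_write_key(16) || client_write_IV(4) || server_write_IV(4).
    Note the seed order is server_random + client_random, the reverse of master-secret derivation.
    """
    key_block = tls12_prf(master_secret, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": key_block[0:16],
        "server_write_key": key_block[16:32],
        "client_write_iv": key_block[32:36],
        "server_write_iv": key_block[36:40],
    }


def recover_session_keys(keylog_text: str, client_random: bytes, server_random: bytes):
    """Given leaked key log text and the randoms from a captured handshake, return the
    record-layer keys for that session, or None if the log has no entry for it."""
    master_secret = parse_keylog(keylog_text).get(client_random)
    if master_secret is None:
        return None
    return derive_aes128gcm_keys(master_secret, client_random, server_random)


if __name__ == "__main__":
    keys = recover_session_keys(KEYLOG_SAMPLE, CAPTURED_CLIENT_RANDOM, CAPTURED_SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
```

This is exactly the lookup Wireshark performs when you point it at a key log file, which is why diagnostic output containing those lines is equivalent to handing over the plaintext of every recorded session it covers.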
