Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Y3K problems ? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Y3K problems ?
I almost had a déjà-vu moment when I read: CVE-2007-0842
So time handling functions in Visual C++ 8.0 can't go beyond Jan 1st 3000, didn't the industry learn almost a decade ago that dates move on and building any arbitrary limit is a bad idea(tm).

To add injury to the insult it's not that it returns something indicating it can't handle a date that far in the future, but just throws up an exception and terminates the application, causing opportunity for causing a DoS.

--
Swa Frantzen -- NET2S.com
Swa

760 Posts
Feb 13th 2007

Sign Up for Free or Log In to start participating in the conversation!