On 24 Aug 2002, Neil Conway wrote:
> "Marc G. Fournier" <scrappy@hub.org> writes:
>
> > On 23 Aug 2002, Neil Conway wrote:
> > > The datetime overrun does not require the ability to connect to
> > > the database.
> >
> > Ack ... obviously I missed something, but, if you can't get a
> > connection to the database, how exactly is this one triggered? :(
>
> If the application is accepting datetime input from the user ('what's
> your birthday?', for example), and isn't doing some non-obvious input
> validation on it (namely, checking that the input string isn't too
> long), you can crash the backend. Gavin says executing arbitrary code
> using the hole would be extremely difficult, but it's at least
> conceivable.
Right, but you have to get a connection to the backend in order to crash
it ... no?