
Re: format strings vulns in /bin/login and /usr/bin/passwd

From: Brandon Erhart <berhart(at)ErhartGroup.COM>
Date: Mon Jan 27 2003 - 11:53:58 EST


Faulty,

         Just because there's a *printf function called from the code doesn't mean it's vuln. They'd have to overwrite data somewhere by possible mis-use of the function(s). I do not know which flavor of Unix this is from, so I'm unable to look over the source code at those lines specified.

         Perhaps you need to look at them and see if they don't use any format strings and instead just pass variables -- that's always a tell-tale sign :)

Brandon E. Erhart

At 02:19 AM 1/26/2003, Faulty@b0f.net www.b0f.net wrote:

>Hello while doing a scan for format strings vulns on util-linux package
Received on Mon Jan 27 12:10:42 2003
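
The triage described in the reply above, as an added example that is not part of the original message: rather than flagging every *printf call, report only the calls whose format argument is not a string literal. The names `split_args` and `audit`, the list of functions checked, and the C lines in `SAMPLE` are all constructed for this illustration.

```python
import re

# Position of the format argument in common printf-family calls.
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "syslog": 1, "snprintf": 2}
CALL = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")

def split_args(text):
    """Split the text after '(' into top-level arguments; None if ')' is missing."""
    args, cur, depth, quote, i = [], "", 0, None, 0
    while i < len(text):
        c = text[i]
        if c == ")" and depth == 0 and not quote:
            return args + [cur.strip()]
        if c == "," and depth == 0 and not quote:
            args.append(cur.strip())
            cur = ""
        else:
            cur += c
            if quote:
                if c == "\\" and i + 1 < len(text):   # keep escaped char, e.g. \"
                    i += 1
                    cur += text[i]
                elif c == quote:
                    quote = None
            elif c in "\"'":
                quote = c
            elif c in "()":
                depth += 1 if c == "(" else -1
        i += 1
    return None

def audit(source):
    """Return (line, function, format_arg) for calls whose format is not a literal.
    Calls that span several lines cannot be parsed here and need manual review."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in CALL.finditer(line):
            args, idx = split_args(line[m.end():]), FORMAT_ARG[m.group(1)]
            if args and idx < len(args) and not args[idx].startswith('"'):
                findings.append((no, m.group(1), args[idx]))
    return findings

# Constructed sample input (the first line of the string is empty, so code starts at line 2).
SAMPLE = r'''
printf("login: %s\n", user);
printf(user);
fprintf(stderr, msg);
snprintf(buf, sizeof(buf), "%s/%s", dir, name);
syslog(LOG_ERR, get_msg(code, 1));
sprintf(out, "a,b(%d)", n);
'''
```

Each finding is only a candidate: whether it matters still depends on whether the flagged variable can carry data an untrusted user controls.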

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

