Re: format strings vulns in /bin/login and /usr/bin/passwd

> Hello while doing a scan for format strings vulns on util-linux package
...

This doesn't mean that these are vulnerable function calls. For example

        fprintf(stderr, "Sorry, your password is invalid"); or

        syslog(LOG_NOTICE, "User %s is a moron", username);

are completly legitimate ways to call these functions and don't have any vulnerability in them that anyone knows about currently. The presense of a function that *could* be used poorly doesn't mean it *is* used poorly. Sounds like you're just grepping for potential abuses. Now you need to go and look at how the functions are actually called. For example

        syslog(LOG_NOTICE, some_char_array_using_user_input);

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

is definately a bad way to write it. Whether the call is actually exploitable is a different question. But regardless it should be fixed.

--
Brian Hatch                  Linux. The OS for
   Systems and                those with an IQ
   Security Engineer          greater than 98.
http://www.ifokr.org/bri/

Every message PGP signed